Skip to content

A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism

License

Notifications You must be signed in to change notification settings

qeeqbox/authentication-bypass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

An adversary may gain access to data and functionalities by bypassing the target authentication mechanism

Example #1

  1. Threat actor requests a web application interface
  2. Sever sends a login request
  3. Threat actor adds a parameter that bypasses the authentication
  4. Sever sends the web application interface

Impact

High

Risk

  • Gain unauthorized access

Redemption

  • Validate access control

ID

0b73c51c-728c-4005-a1f1-84e303bbac1e

References

About

A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Sponsor this project