CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5966 vulnerabilities reference this CWE, most recent first.
GHSA-4VWR-F92G-29M6
Vulnerability from github – Published: 2025-12-26 03:30 – Updated: 2025-12-26 03:30A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.
{
"affected": [],
"aliases": [
"CVE-2025-15097"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-26T03:15:50Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.",
"id": "GHSA-4vwr-f92g-29m6",
"modified": "2025-12-26T03:30:15Z",
"published": "2025-12-26T03:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15097"
},
{
"type": "WEB",
"url": "https://gist.github.com/apostolovd/f84631eed2f0c0e83e2e174b1480f08c"
},
{
"type": "WEB",
"url": "https://help.alteryx.com/release-notes/en/release-notes/server-release-notes/server-2025-1-release-notes.html"
},
{
"type": "WEB",
"url": "https://ict-strypes.eu/wp-content/uploads/2025/12/Alteryx-Second-Research.pdf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.338428"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.338428"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.710169"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4VX6-FGH9-HR42
Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality
{
"affected": [],
"aliases": [
"CVE-2022-34372"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-01T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality",
"id": "GHSA-4vx6-fgh9-hr42",
"modified": "2022-09-08T00:00:33Z",
"published": "2022-09-02T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34372"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000201970/dsa-2022-196-dell-emc-cyber-recovery-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4W34-678C-Q5HP
Vulnerability from github – Published: 2023-11-15 00:31 – Updated: 2024-09-19 15:30Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
{
"affected": [],
"aliases": [
"CVE-2023-43582"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-939"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T00:15:08Z",
"severity": "MODERATE"
},
"details": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.\n",
"id": "GHSA-4w34-678c-q5hp",
"modified": "2024-09-19T15:30:47Z",
"published": "2023-11-15T00:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43582"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4W3Q-QPFQ-V992
Vulnerability from github – Published: 2026-07-13 18:26 – Updated: 2026-07-13 18:26Summary
Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app.
Details
ConfigService extracts appId from configuration and notification requests and uses the extracted value to look up available AccessKey secrets. If the extracted appId is a non-canonical variant that does not exactly match the AccessKey cache key, ConfigService may treat the request as having no available secrets and allow it to continue without signature verification.
This can happen when downstream release lookup still matches the real appId under database collations that treat the values as equivalent. Examples include accent variants under accent-insensitive collations, or trailing-space variants under PAD SPACE collations.
Impact
An unauthenticated remote attacker may read configuration data from affected ConfigService endpoints when AccessKey / management key authentication is enabled for the target app and the deployment database collation treats a non-canonical appId variant as equivalent to the real appId.
Affected endpoints
The primary impact is on ConfigService configuration read endpoints under /configs and /configfiles. Notification endpoints using appId parameters are also hardened as defense-in-depth.
Status
Fixed in Apollo 2.5.2. Users should upgrade to Apollo 2.5.2 or later.
Related advisory
The raw config file endpoint parsing issue originally described in this advisory has been split into GHSA-h4pc-58cc-hc95 so each independently fixable vulnerability can receive its own CVE.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.ctrip.framework.apollo:apollo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-59954"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-13T18:26:30Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nApollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app.\n\n### Details\nConfigService extracts appId from configuration and notification requests and uses the extracted value to look up available AccessKey secrets. If the extracted appId is a non-canonical variant that does not exactly match the AccessKey cache key, ConfigService may treat the request as having no available secrets and allow it to continue without signature verification.\n\nThis can happen when downstream release lookup still matches the real appId under database collations that treat the values as equivalent. Examples include accent variants under accent-insensitive collations, or trailing-space variants under PAD SPACE collations.\n\n### Impact\nAn unauthenticated remote attacker may read configuration data from affected ConfigService endpoints when AccessKey / management key authentication is enabled for the target app and the deployment database collation treats a non-canonical appId variant as equivalent to the real appId.\n\n### Affected endpoints\nThe primary impact is on ConfigService configuration read endpoints under /configs and /configfiles. Notification endpoints using appId parameters are also hardened as defense-in-depth.\n\n### Status\nFixed in Apollo 2.5.2. Users should upgrade to Apollo 2.5.2 or later.\n\n### Related advisory\nThe raw config file endpoint parsing issue originally described in this advisory has been split into GHSA-h4pc-58cc-hc95 so each independently fixable vulnerability can receive its own CVE.",
"id": "GHSA-4w3q-qpfq-v992",
"modified": "2026-07-13T18:26:30Z",
"published": "2026-07-13T18:26:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-4w3q-qpfq-v992"
},
{
"type": "PACKAGE",
"url": "https://github.com/apolloconfig/apollo"
},
{
"type": "WEB",
"url": "https://github.com/apolloconfig/apollo/releases/tag/v2.5.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching"
}
GHSA-4W4F-PCXR-8PPR
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-10-06 18:52HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)
{
"affected": [],
"aliases": [
"CVE-2019-18823"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-27T15:15:00Z",
"severity": "CRITICAL"
},
"details": "HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs)",
"id": "GHSA-4w4f-pcxr-8ppr",
"modified": "2022-10-06T18:52:07Z",
"published": "2022-05-24T17:16:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18823"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EOTJJOSMYKXIYXWSG3H4KN332EDSEB6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5YCZXYS67MLJSHR4OLSWVHBE6PZJSB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMPZ7XPOPA4JGAQAUJ4K7JV653DSCIDK"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/new.html"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html"
},
{
"type": "WEB",
"url": "https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4W94-8FF7-4XMW
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
{
"affected": [],
"aliases": [
"CVE-2017-14018"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-05T23:29:00Z",
"severity": "MODERATE"
},
"details": "An improper authentication issue was discovered in Johnson \u0026 Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.",
"id": "GHSA-4w94-8ff7-4xmw",
"modified": "2022-05-13T01:37:39Z",
"published": "2022-05-13T01:37:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14018"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101978"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4WHX-7P29-MQ22
Vulnerability from github – Published: 2022-06-06 21:22 – Updated: 2025-07-09 15:49Impact
Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability.
Patches
Please upgrade to TiDB 5.3.1 or higher version
Workarounds
You can also mitigate risks by taking the following measures. Option 1: Turn off SEM (Security Enhanced Mode). Option 2: Disable local login for non-root accounts and ensure that the same IP cannot be logged in as root or normal user at the same time.
References
https://en.pingcap.com/download/
For more information
If you have any questions or comments about this advisory: * Email us at security@tidb.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pingcap/tidb"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.3.0"
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/pingcap/tidb"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-20210808221113-a7fdc2a05663"
},
{
"fixed": "0.0.0-20220221072141-27ffd1126da1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/pingcap/tidb"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0-beta.0.20210808221113-a7fdc2a05663"
},
{
"fixed": "1.1.0-beta.0.20220221072141-27ffd1126da1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31011"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-06T21:22:28Z",
"nvd_published_at": "2022-05-31T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nUnder certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access.\nOnly users using TiDB 5.3.0 are affected by this vulnerability.\n\n### Patches\nPlease upgrade to TiDB 5.3.1 or higher version\n\n### Workarounds\nYou can also mitigate risks by taking the following measures.\nOption 1: Turn off SEM (Security Enhanced Mode).\nOption 2: Disable local login for non-root accounts and ensure that the same IP cannot be logged in as root or normal user at the same time.\n\n### References\nhttps://en.pingcap.com/download/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@tidb.io",
"id": "GHSA-4whx-7p29-mq22",
"modified": "2025-07-09T15:49:23Z",
"published": "2022-06-06T21:22:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pingcap/tidb/security/advisories/GHSA-4whx-7p29-mq22"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31011"
},
{
"type": "PACKAGE",
"url": "https://github.com/pingcap/tidb"
},
{
"type": "WEB",
"url": "https://github.com/pingcap/tidb/releases/tag/v5.3.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "TiDB authentication bypass vulnerability"
}
GHSA-4WM4-5VMP-66G7
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2025-06-10 09:30A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2020-7533"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-01T15:15:00Z",
"severity": "CRITICAL"
},
"details": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",
"id": "GHSA-4wm4-5vmp-66g7",
"modified": "2025-06-10T09:30:30Z",
"published": "2022-05-24T17:35:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7533"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf\u0026p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice"
},
{
"type": "WEB",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4WM8-HVM8-PH45
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
{
"affected": [],
"aliases": [
"CVE-2017-6617"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-20T22:59:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user\u0027s browser session on the affected system. Cisco Bug IDs: CSCvd14583.",
"id": "GHSA-4wm8-hvm8-ph45",
"modified": "2022-05-13T01:36:32Z",
"published": "2022-05-13T01:36:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6617"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97929"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4WQ7-9V8P-8RMC
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-06-29 00:00Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
{
"affected": [],
"aliases": [
"CVE-2020-36125"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T11:15:00Z",
"severity": "HIGH"
},
"details": "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.",
"id": "GHSA-4wq7-9v8p-8rmc",
"modified": "2022-06-29T00:00:32Z",
"published": "2022-05-24T19:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36125"
},
{
"type": "WEB",
"url": "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670"
},
{
"type": "WEB",
"url": "https://marketing.paxtechnology.com/about-pax"
},
{
"type": "WEB",
"url": "https://www.whatspos.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.