Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5951 vulnerabilities reference this CWE, most recent first.

GHSA-66H5-29P5-X9FQ

Vulnerability from github – Published: 2022-05-14 02:42 – Updated: 2025-04-11 03:42
VLAI
Details

Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-4333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-22T03:00:00Z",
    "severity": "HIGH"
  },
  "details": "Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.",
  "id": "GHSA-66h5-29p5-x9fq",
  "modified": "2025-04-11T03:42:13Z",
  "published": "2022-05-14T02:42:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4333"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/15741"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/515306/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.uncompiled.com/2010/12/pointter-php-micro-blogging-social-network-unauthorized-privilege-escalation-cve-2010-4333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-66RX-GQX3-P98M

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-07-13 15:30
VLAI
Summary
Improper Authentication in Apache Axis2
Details

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.axis2:axis2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-5351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T15:30:16Z",
    "nvd_published_at": "2012-10-09T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418. ",
  "id": "GHSA-66rx-gqx3-p98m",
  "modified": "2022-07-13T15:30:42Z",
  "published": "2022-05-13T01:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5351"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Authentication in Apache Axis2"
}

GHSA-66VH-4G4J-7X2Q

Vulnerability from github – Published: 2022-05-17 05:26 – Updated: 2025-04-11 04:00
VLAI
Details

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-2963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-12T16:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.",
  "id": "GHSA-66vh-4g4j-7x2q",
  "modified": "2025-04-11T04:00:24Z",
  "published": "2022-05-17T05:26:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2963"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/520430"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-8GANCC"
    },
    {
      "type": "WEB",
      "url": "http://www.secureworks.com/research/advisories/SWRX-2012-005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-66WX-WCFH-HV4G

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-13 00:01
VLAI
Details

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.0. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The issue occurs because Express is not set up to require authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.0. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. The issue occurs because Express is not set up to require authentication.",
  "id": "GHSA-66wx-wcfh-hv4g",
  "modified": "2022-07-13T00:01:14Z",
  "published": "2022-05-24T17:44:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28122"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/issues/837"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/pull/838"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/compare/v2.2.0...v2.2.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open5gs/open5gs/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6726-2RX3-CGWH

Vulnerability from github – Published: 2024-02-07 15:30 – Updated: 2024-02-07 19:23
VLAI
Summary
Apache Ozone Improper Authentication vulnerability
Details

Improper Authentication vulnerability in Apache Ozone.

The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.

Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.ozone:ozone-main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-39196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-07T19:23:35Z",
    "nvd_published_at": "2024-02-07T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Improper Authentication vulnerability in Apache Ozone.\n\nThe vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication.\nThe attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability.\nThe accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone.\nThis issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.\n\nUsers are recommended to upgrade to version 1.4.0, which fixes the issue.",
  "id": "GHSA-6726-2rx3-cgwh",
  "modified": "2024-02-07T19:23:35Z",
  "published": "2024-02-07T15:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39196"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/ozone"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/o96ct5t7kj5cgrmmfc6756m931t08nky"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/02/07/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Ozone Improper Authentication vulnerability"
}

GHSA-676J-VQR4-6W3H

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2025-10-22 00:31
VLAI
Details

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.",
  "id": "GHSA-676j-vqr4-6w3h",
  "modified": "2025-10-22T00:31:56Z",
  "published": "2022-05-24T17:22:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6287"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2934135"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6287"
    },
    {
      "type": "WEB",
      "url": "https://www.onapsis.com/recon-sap-cyber-security-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162085/SAP-JAVA-Configuration-Task-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6795-RMGW-89Q2

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-03-08 03:30
VLAI
Details

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-08T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementation of authentication in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted authentication request to the web-based management interface on an affected system. A successful exploit could allow the attacker to view limited configuration details and potentially upload a virtual machine image.",
  "id": "GHSA-6795-rmgw-89q2",
  "modified": "2023-03-08T03:30:16Z",
  "published": "2022-05-24T16:52:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1946"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-authbypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-679G-PP8V-JVG4

Vulnerability from github – Published: 2026-06-02 15:32 – Updated: 2026-06-16 03:30
VLAI
Details

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge.

As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.

The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-02T14:16:44Z",
    "severity": "HIGH"
  },
  "details": "An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge.\n\n\n\nAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\n\n\n\nThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.",
  "id": "GHSA-679g-pp8v-jvg4",
  "modified": "2026-06-16T03:30:34Z",
  "published": "2026-06-02T15:32:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10611"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/39b3cb15aac4318afdd2ab63b96c2eac12b271fe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-67MR-RVH8-9QX2

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data.",
  "id": "GHSA-67mr-rvh8-9qx2",
  "modified": "2022-05-13T01:50:28Z",
  "published": "2022-05-13T01:50:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16947"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4302"
    },
    {
      "type": "WEB",
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67P5-4GJP-J4VW

Vulnerability from github – Published: 2022-05-17 04:42 – Updated: 2022-05-17 04:42
VLAI
Details

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-11T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.",
  "id": "GHSA-67p5-4gjp-j4vw",
  "modified": "2022-05-17T04:42:21Z",
  "published": "2022-05-17T04:42:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3781"
    },
    {
      "type": "WEB",
      "url": "http://dotclear.org/blog/post/2014/05/16/Dotclear-2.6.3"
    },
    {
      "type": "WEB",
      "url": "http://karmainsecurity.com/KIS-2014-05"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/126766/Dotclear-2.6.2-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/May/107"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58675"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.