CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5964 vulnerabilities reference this CWE, most recent first.
GHSA-6CGH-HJPW-Q3GQ
Vulnerability from github – Published: 2021-07-02 19:20 – Updated: 2021-07-02 18:25The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed the transaction and has been fixed so that it does in v8.2.3.
Applications that also used Utils.verifyChallengeTxThreshold or Utils.verifyChallengeTxSigners to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction.
Applications calling Utils.readChallengeTx should update to v8.2.3 to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "stellar-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32738"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-02T18:25:08Z",
"nvd_published_at": "2021-07-02T19:15:00Z",
"severity": "MODERATE"
},
"details": "The `Utils.readChallengeTx` function used in [SEP-10 Stellar Web Authentication](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md) states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. The function does not verify that the server has signed the transaction and has been fixed so that it does in v8.2.3.\n\nApplications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction.\n\nApplications calling `Utils.readChallengeTx` should update to v8.2.3 to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.",
"id": "GHSA-6cgh-hjpw-q3gq",
"modified": "2021-07-02T18:25:08Z",
"published": "2021-07-02T19:20:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32738"
},
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/commit/6f0bb889c2d10b431ddd5f4a1bcdd519c80430b3"
},
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Utils.readChallengeTx does not verify the server account signature"
}
GHSA-6CH5-CFF9-WJV7
Vulnerability from github – Published: 2022-05-17 00:45 – Updated: 2022-05-17 00:45TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
{
"affected": [],
"aliases": [
"CVE-2008-5065"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-11-13T17:24:00Z",
"severity": "HIGH"
},
"details": "TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.",
"id": "GHSA-6ch5-cff9-wjv7",
"modified": "2022-05-17T00:45:29Z",
"published": "2022-05-17T00:45:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5065"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/6860"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/4585"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31958"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6CHG-8WHJ-347G
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
{
"affected": [],
"aliases": [
"CVE-2019-18319"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-12T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",
"id": "GHSA-6chg-8whj-347g",
"modified": "2022-05-24T17:03:27Z",
"published": "2022-05-24T17:03:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18319"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6CJ6-68X7-F44G
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
{
"affected": [],
"aliases": [
"CVE-2018-1443"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-08T16:29:00Z",
"severity": "MODERATE"
},
"details": "An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.",
"id": "GHSA-6cj6-68x7-f44g",
"modified": "2022-05-13T01:33:17Z",
"published": "2022-05-13T01:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1443"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139754"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014160"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014161"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103365"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040454"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6CPV-J32F-RQMR
Vulnerability from github – Published: 2026-05-15 09:31 – Updated: 2026-05-15 09:31The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim's email address.
{
"affected": [],
"aliases": [
"CVE-2026-5229"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T09:16:16Z",
"severity": "CRITICAL"
},
"details": "The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn\u0027t provide an email address (which is common), the plugin falls back to reading the \u0027form_notify_line_email\u0027 cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim\u0027s email address.",
"id": "GHSA-6cpv-j32f-rqmr",
"modified": "2026-05-15T09:31:32Z",
"published": "2026-05-15T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5229"
},
{
"type": "WEB",
"url": "https://github.com/oberonlai/form-notify/commit/5eab0ea"
},
{
"type": "WEB",
"url": "https://github.com/oberonlai/form-notify/commit/9780764"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/Route.php#L116-L118"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/User.php#L53"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/User.php#L72"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/Route.php#L116-L118"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/User.php#L53"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/User.php#L72"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3517908%40form-notify\u0026new=3517908%40form-notify\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f0a7d6f-9b95-4052-bab3-85aca01f6ab7?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6CQ5-8CJ7-G558
Vulnerability from github – Published: 2022-12-22 20:01 – Updated: 2022-12-29 21:31Impact
When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages).
Patches
Upgrade to version 4.2.11 or later.
Workarounds
- Use only one session cookie.
References
- https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers
For more information
If you have any questions or comments about this advisory: * Open an issue in codeigniter4/CodeIgniter4 * Email us at SECURITY.md
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "codeigniter4/framework"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-46170"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-22T20:01:18Z",
"nvd_published_at": "2022-12-22T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nWhen an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages).\n\n### Patches\nUpgrade to version 4.2.11 or later.\n\n### Workarounds\n- Use only one session cookie.\n\n### References\n- https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues)\n* Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)\n",
"id": "GHSA-6cq5-8cj7-g558",
"modified": "2022-12-29T21:31:13Z",
"published": "2022-12-22T20:01:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46170"
},
{
"type": "WEB",
"url": "https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328"
},
{
"type": "WEB",
"url": "https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-46170.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/codeigniter4/CodeIgniter4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "CodeIgniter4 Potential Session Handlers Vulnerability"
}
GHSA-6CR6-R24W-PJFW
Vulnerability from github – Published: 2022-05-14 01:56 – Updated: 2022-05-14 01:56An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.
{
"affected": [],
"aliases": [
"CVE-2018-18061"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-10T21:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.",
"id": "GHSA-6cr6-r24w-pjfw",
"modified": "2022-05-14T01:56:08Z",
"published": "2022-05-14T01:56:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18061"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2018/Oct/25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6CWC-7J5R-RWVF
Vulnerability from github – Published: 2022-12-09 15:30 – Updated: 2022-12-12 18:30A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.
{
"affected": [],
"aliases": [
"CVE-2022-2752"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-09T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7.",
"id": "GHSA-6cwc-7j5r-rwvf",
"modified": "2022-12-12T18:30:28Z",
"published": "2022-12-09T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2752"
},
{
"type": "WEB",
"url": "https://www.secomea.com/support/cybersecurity-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6CX9-PWGJ-7M88
Vulnerability from github – Published: 2022-05-14 02:39 – Updated: 2022-05-14 02:39Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
{
"affected": [],
"aliases": [
"CVE-2008-6045"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-02-03T11:30:00Z",
"severity": "MODERATE"
},
"details": "Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.",
"id": "GHSA-6cx9-pwgj-7m88",
"modified": "2022-05-14T02:39:16Z",
"published": "2022-05-14T02:39:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6045"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45341"
},
{
"type": "WEB",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls54"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/496583/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/496588/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31313"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6F58-J323-6472
Vulnerability from github – Published: 2023-10-31 22:23 – Updated: 2025-11-10 21:56Impact
As old password can be set as new password , it is considered as password policy violation.
Pimcore is not enforcing strict password policy which allow attacker to set old password as new password
Proof of Concept 1. Go to Admin link 2. login and click on -> "User | My Profile". 3. Go to change password now put old password as new password and click save.
Patches
https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch
Workarounds
Update to version 1.2.0 or apply this patches manually https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch
References
https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pimcore/admin-ui-classic-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-RC1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-5844"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-620"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-31T22:23:18Z",
"nvd_published_at": "2023-10-30T11:15:39Z",
"severity": "MODERATE"
},
"details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -\u003e \"User | My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/",
"id": "GHSA-6f58-j323-6472",
"modified": "2025-11-10T21:56:15Z",
"published": "2023-10-31T22:23:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-6f58-j323-6472"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5844"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
},
{
"type": "PACKAGE",
"url": "https://github.com/pimcore/admin-ui-classic-bundle"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "pimcore/admin-ui-classic-bundle Unverified Password Change"
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.