Skip to content
/ authentication-bypass Public

A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism

License

AGPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/authentication-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
authentication-bypass.drawio
authentication-bypass.drawio
 
 
authentication-bypass.png
authentication-bypass.png
 
 

Repository files navigation

An adversary may gain access to data and functionalities by bypassing the target authentication mechanism

Example #1

  1. Threat actor requests a web application interface
  2. Sever sends a login request
  3. Threat actor adds a parameter that bypasses the authentication
  4. Sever sends the web application interface

Impact

High

Risk

  • Gain unauthorized access

Redemption

  • Validate access control

ID

0b73c51c-728c-4005-a1f1-84e303bbac1e

References

About

A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism

Topics

visualization metadata authentication example vulnerability bypass qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors