[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 909 Download | Alert*

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

The use of IP addresses as authentication is flawed and can easily be spoofed by malicious users.

The use of self-reported DNS names as authentication is flawed and can easily be spoofed by malicious users.

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Pages:      Start    12    13    14    15    16    17    18    19    20    21    22    23    24    25    ..   90

© SecPod Technologies