Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qeeqbox/authentication-bypass
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
https://github.com/qeeqbox/authentication-bypass
authentication bypass example infosecsimplified metadata qeeqbox visualization vulnerability
Last synced: 2 days ago
JSON representation
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
- Host: GitHub
- URL: https://github.com/qeeqbox/authentication-bypass
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2022-04-20T20:43:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-29T01:04:20.000Z (10 months ago)
- Last Synced: 2024-05-01T11:27:22.442Z (7 months ago)
- Topics: authentication, bypass, example, infosecsimplified, metadata, qeeqbox, visualization, vulnerability
- Homepage:
- Size: 75.2 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
An adversary may gain access to data and functionalities by bypassing the target authentication mechanism
## Example #1
1. Threat actor requests a web application interface
2. Sever sends a login request
3. Threat actor adds a parameter that bypasses the authentication
4. Sever sends the web application interface
## Impact
High
## Risk
- Gain unauthorized access
## Redemption
- Validate access control
## ID
0b73c51c-728c-4005-a1f1-84e303bbac1e
## References
- [wiki](https://itlaw.wikia.org/wiki/authentication_bypass)