Description

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation

Related Attack Patterns

• CAPEC-10
• CAPEC-13
• CAPEC-21
• CAPEC-274
• CAPEC-31
• CAPEC-39
• CAPEC-45
• CAPEC-77

Common Consequences

Detection Methods
None

Potential Mitigations

Relationships

Demonstrative Examples   (Details)

1. In the following example, an "authenticated" cookie is used to determine whether or not a user should be granted access to a system. Of course, modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable.

Observed Examples

1. CVE-2002-0367 : DebPloit
2. CVE-2004-0261 : Web auth
3. CVE-2002-1730 : Authentication bypass by setting certain cookies to "true".
4. CVE-2002-1734 : Authentication bypass by setting certain cookies to "true".
5. CVE-2002-2064 : Admin access by setting a cookie.
6. CVE-2002-2054 : Gain privileges by setting cookie.
7. CVE-2004-1611 : Product trusts authentication information in cookie.
8. CVE-2005-1708 : Authentication bypass by setting admin-testing variable to true.
9. CVE-2005-1787 : Bypass auth and gain privileges by setting a variable.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

References:
None