CAPEC-225: Subvert Access Control (Version 2.9)

CAPEC CATEGORY: Subvert Access Control

Category ID: 225
Status: Stable
Description

Summary

An attacker actively targets weaknesses, limitations and assumptions in the mechanisms a target uses to manage identity and authentication, to manage access to its resources, and to authorize functionality. Successful exploitation can completely subvert any trust the target places in the identity of an entity it interacts with, or any control the target has over its data or functionality. Weaknesses targeted by subversion of authentication mechanisms usually stem from assumptions and overconfidence about the strength or rigor of the implemented authentication. Weaknesses targeted by subversion of authorization controls usually stem from three factors: 1) a fundamental dependence on the authentication mechanisms being effective, so that a forged or bypassed identity carries straight through to an authorization decision; 2) a lack of effective separation of privilege between entities, so that one trusted identity or role unlocks far more than it should; and 3) assumptions and overconfidence about the strength or rigor of the implemented authorization mechanisms.
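The three factors above are easier to see side by side in code. What follows is an added illustration written for this page, not part of the CAPEC entry or any MITRE material: the resource server, its document table, the token format and SERVER_KEY are all hypothetical. It places an authorization check that rests on a client-asserted user and role (the failure mode covered by the member patterns Exploiting Trust in Client and Authentication Bypass) beside one that derives the principal from a server-verified token and decides per object and per action, so a stolen ordinary-user token cannot be edited into an administrator one.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret that never leaves the server.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample data: document id -> owning user.
DOCUMENTS = {"doc-1": "alice", "doc-2": "bob"}


def trusting_authorize(request: dict) -> bool:
    """Weak check: 'user' and 'role' arrive in the request body.

    The decision depends entirely on the client telling the truth about
    who it is (factor 1), a single role claim overrides every other rule
    (factor 2), and nothing verifies the claim (factor 3).  A forged
    'role': 'admin' or a forged 'user' reads any document.
    """
    if request.get("role") == "admin":
        return True
    return DOCUMENTS.get(request.get("doc")) == request.get("user")


def issue_token(user: str, role: str) -> str:
    """Server-issued claim: urlsafe_base64(json payload) '.' hex(HMAC-SHA256)."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"user": user, "role": role}).encode()).decode()
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + mac


def verify_token(token: str):
    """Return the principal dict if the MAC verifies, otherwise None."""
    payload, sep, mac = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def verified_authorize(token: str, doc: str, action: str) -> bool:
    """Hardened check: identity comes only from a server-verified token and
    the decision is made per object and per action, not by one role gate."""
    principal = verify_token(token)
    if principal is None:
        return False  # unauthenticated: deny, never fall through to a default
    if doc not in DOCUMENTS:
        return False
    is_owner = DOCUMENTS[doc] == principal.get("user")
    if action == "read":
        # Admins may audit any document; ordinary users only their own.
        return is_owner or principal.get("role") == "admin"
    if action == "delete":
        # Privilege separation: the destructive action stays with the
        # owner regardless of role.
        return is_owner
    return False


def forge_admin(token: str) -> str:
    """What an attacker holding an ordinary user's token attempts: rewrite the
    payload to claim 'admin' while reusing the old MAC, which no longer
    matches."""
    payload, _, mac = token.partition(".")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    claims["role"] = "admin"
    new_payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return new_payload + "." + mac
```

With trusting_authorize, a request carrying "role": "admin" from anyone reads bob's document; with verified_authorize, alice's genuine token reads only doc-1, the forged copy of her token fails MAC verification and is denied outright, and even a genuine administrator token cannot delete a document it does not own.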
Relationships

Nature      Type                 ID    Name                                 View(s) this relationship pertains to
HasMember   Meta Attack Pattern  21    Exploitation of Trusted Credentials  Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  22    Exploiting Trust in Client           Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  114   Authentication Abuse                 Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  115   Authentication Bypass                Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  122   Privilege Abuse                      Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  233   Privilege Escalation                 Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  390   Bypassing Physical Security          Mechanisms of Attack (primary) (1000)
HasMember   Meta Attack Pattern  507   Physical Theft                       Mechanisms of Attack (primary) (1000)
MemberOf    View                 1000  Mechanisms of Attack                 Mechanisms of Attack (1000)
Content History

Submissions
Submitter           Organization           Date        Source
CAPEC Content Team  The MITRE Corporation  2014-06-23  Internal_CAPEC_Team

Modifications
Modifier            Organization           Date        Comments                            Source
CAPEC Content Team  The MITRE Corporation  2015-11-09  Updated Relationships               Internal
CAPEC Content Team  The MITRE Corporation  2017-01-09  Updated Description, Relationships  Internal

Previous Entry Names
Date        Previous Entry Name
2017-01-09  Exploitation of Authentication

Page Last Updated or Reviewed: January 06, 2017