An attacker actively targets exploitation of weaknesses,
limitations and assumptions in the mechanisms a target utilizes to manage access
to its resources or authorize utilization of its functionality. Such
exploitation can lead to the complete subversion of any control the target has
over its data or functionality enabling almost any desired action on the part of
the attacker. Weaknesses targeted by these sorts of attacks are often due to
three primary factors: 1) a fundamental dependence on authentication mechanisms
being effective; 2) a lack of effective control over the separation of privilege
between various entities; and 3) assumptions and overconfidence in the strength
or rigor of the implemented authorization mechanisms.
Description
