CAPEC-232: Exploitation of Authorization (CAPEC Version 2.6)

CAPEC CATEGORY: Exploitation of Authorization

Category ID: 232
Status: Draft
Description

Summary

An attacker targets weaknesses, limitations and assumptions in the mechanisms a target uses to manage access to its resources or to authorize use of its functionality. Successful exploitation can completely subvert the target's control over its data and functionality, enabling almost any action the attacker desires. The weaknesses targeted by these attacks usually stem from three primary factors: 1) a fundamental dependence on the authentication mechanisms being effective, since an authorization decision is only as trustworthy as the identity it is based on; 2) a lack of effective control over the separation of privilege between the various entities in the system; and 3) assumptions about, and overconfidence in, the strength or rigor of the authorization mechanisms as implemented.
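As an added illustration (example code written for this page, not part of CAPEC or any product it describes): a minimal Python model of an authorization check that exhibits the three factors above, beside a hardened, deny-by-default version, and a constructed request in which an authenticated low-privilege user claims the admin role in order to write another user's resource. The session tokens, user names, roles and resource identifiers are all invented for the demonstration.

```python
"""Hypothetical illustration of CAPEC-232-style authorization weaknesses.

authorize_weak  - checks authentication, then believes the client's own
                  claim about its role and lets any user touch any resource.
authorize_strong - derives principal and roles server-side, requires the
                  resource to exist, and denies unless owner or admin.
All data below is constructed; none of it comes from CAPEC."""

# Constructed server-side state. Sessions map an opaque token to the
# authenticated principal; roles and ownership live here too, never in
# anything the client sends.
SESSIONS = {"tok-alice": "alice", "tok-mallory": "mallory"}
ROLES = {"alice": {"user"}, "mallory": {"user"}, "root": {"admin"}}
RESOURCES = {"doc-1": {"owner": "alice"}, "doc-2": {"owner": "mallory"}}


def authorize_weak(request: dict, resource_id: str) -> bool:
    """Vulnerable form.

    Factor 1: authentication is the only real gate.
    Factor 3: the role is read from the request, so the client decides
              whether it is an admin (trust in client).
    Factor 2: every authenticated user may act on every resource; there is
              no separation of privilege between principals."""
    if request.get("token") not in SESSIONS:  # authentication only
        return False
    role = request.get("role", "user")  # client-controlled claim
    if role == "admin":
        return True
    return resource_id in RESOURCES  # any user, any existing document


def authorize_strong(request: dict, resource_id: str, action: str) -> bool:
    """Hardened form: identity and roles come from the server-side session,
    the resource must exist, and access is denied by default. Owners may
    only read and write their own resources; anything else needs admin."""
    principal = SESSIONS.get(request.get("token"))
    if principal is None:
        return False
    resource = RESOURCES.get(resource_id)
    if resource is None:
        return False
    roles = ROLES.get(principal, set())
    if "admin" in roles:
        return True
    if action in ("read", "write") and resource["owner"] == principal:
        return True
    return False  # deny by default, including delete by the owner


def demo_privilege_abuse() -> dict:
    """Mallory, authenticated as an ordinary user, tries to write Alice's
    document while claiming the admin role in the request body."""
    forged = {"token": "tok-mallory", "role": "admin"}
    return {
        "weak": authorize_weak(forged, "doc-1"),
        "strong": authorize_strong(forged, "doc-1", "write"),
        "owner_ok": authorize_strong({"token": "tok-alice"}, "doc-1", "write"),
        "unauth": authorize_strong({"token": "tok-bogus"}, "doc-1", "read"),
    }


if __name__ == "__main__":
    print(demo_privilege_abuse())
```

The weak check accepts the forged request because nothing the server holds is consulted beyond "is this token valid"; the hardened check ignores the claimed role entirely and still fails Mallory because the ownership test is made against the principal bound to the session, not to anything in the request.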
Relationships

Nature    Type            ID    Name                                                        View(s) this relationship pertains to
ParentOf  Attack Pattern  22    Exploiting Trust in Client (aka Make the Client Invisible)  Mechanisms of Attack (primary), view 1000
ParentOf  Attack Pattern  30    Hijacking a Privileged Thread of Execution                  Mechanisms of Attack (primary), view 1000
ParentOf  Attack Pattern  68    Subvert Code-signing Facilities                             Mechanisms of Attack (primary), view 1000
ParentOf  Attack Pattern  69    Target Programs with Elevated Privileges                    Mechanisms of Attack (primary), view 1000
ParentOf  Attack Pattern  122   Privilege Abuse                                             Mechanisms of Attack (primary), view 1000
ParentOf  Category        233   Privilege Escalation                                        Mechanisms of Attack, view 1000
ParentOf  Attack Pattern  234   Hijacking a privileged process                              Mechanisms of Attack (primary), view 1000
ParentOf  Attack Pattern  236   Catching exception throw/signal from privileged block       Mechanisms of Attack (primary), view 1000
MemberOf  View            1000  Mechanisms of Attack                                        Mechanisms of Attack, view 1000
Content History

Submissions
Submitter           Organization           Date        Source
CAPEC Content Team  The MITRE Corporation  2014-06-23  Internal_CAPEC_Team

Page Last Updated: July 23, 2014