CAPEC-232: Exploitation of Authorization (Version 2.9)

CAPEC CATEGORY: Exploitation of Authorization

Category ID: 232
Status: Deprecated
Description
An attacker actively targets exploitation of weaknesses, limitations and assumptions in the mechanisms a target utilizes to manage access to its resources or authorize utilization of its functionality. Such exploitation can lead to the complete subversion of any control the target has over its data or functionality, enabling almost any desired action on the part of the attacker. Weaknesses targeted by these sorts of attacks are often due to three primary factors: 1) a fundamental dependence on authentication mechanisms being effective; 2) a lack of effective control over the separation of privilege between various entities; and 3) assumptions and overconfidence in the strength or rigor of the implemented authorization mechanisms.
Content History
CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team
CAPEC Content Team | The MITRE Corporation | 2015-12-07 | Updated Related_Weaknesses, Relationships | Internal
CAPEC Content Team | The MITRE Corporation | 2017-01-09 | Updated Relationships | Internal
Page Last Updated or Reviewed: December 07, 2015