Broken authentication: Flaws or vulnerabilities in a system’s authentication processes that allow an unauthorized individual to assume the identity of a legitimate user. Typical causes are weak password policies, insecure account recovery methods, and improperly managed session identifiers. Once an attacker exploits such a flaw, they can act with the same privileges as the compromised user, potentially leading to unauthorized data access, data manipulation, or other damaging actions.
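To make the "improperly managed session identifiers" cause concrete, here is an added example (not part of the glossary) of a minimal in-memory session manager with the controls that close that gap: unpredictable IDs, a fresh ID issued at login, idle timeout, and invalidation at logout. The `SessionStore` class and its dictionary store are constructed for illustration, not any framework's API.

```python
import secrets
import time


class SessionStore:
    """Illustrative session manager (constructed for this example).

    Mitigations shown:
    - IDs come from the OS CSPRNG, so they cannot be guessed or enumerated.
    - login() discards the pre-authentication ID and issues a new one, so an
      ID the client held before logging in (e.g. planted by a third party)
      never becomes an authenticated session (session fixation defence).
    - Sessions idle longer than idle_timeout are treated as invalid.
    - logout() removes the entry server-side, so the old ID cannot be reused.
    """

    def __init__(self, idle_timeout=900, now=time.time):
        self.idle_timeout = idle_timeout   # seconds of inactivity allowed
        self.now = now                     # injectable clock for testing
        self._sessions = {}                # session_id -> {"user", "last_seen"}

    def create(self):
        """Start an anonymous (pre-login) session with a 256-bit random ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self.now()}
        return sid

    def login(self, sid, user):
        """Bind an authenticated user to a brand-new session ID."""
        self._sessions.pop(sid, None)      # old ID is dead from this point
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "last_seen": self.now()}
        return new_sid

    def user_for(self, sid):
        """Return the authenticated user for sid, or None if the ID is unknown,
        anonymous, or idle past the timeout (expired entries are deleted)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.now() - entry["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return None
        entry["last_seen"] = self.now()    # sliding idle window
        return entry["user"]

    def logout(self, sid):
        """Invalidate the session server-side."""
        self._sessions.pop(sid, None)
```

Authenticating a request then reduces to `user_for(sid)` returning a user rather than `None`; a store that instead kept the pre-login ID or derived IDs from a counter or timestamp would exhibit the flaw the definition describes.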
Categories: CC D3: Access Controls Concepts | CCSP D4: Cloud Application Security | CISM D3: Information Security Program | CISSP D5: Identity and Access Management (IAM) | Security+ D2: Threats Vulnerabilities and Mitigations | SSCP D2: Access Controls