An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.

https://capec.mitre.org/data/definitions/36.html

Related CWE definitions

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate.
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Please note that CAPEC definitions are provided as a quick reference only. Visit http://capec.mitre.org/ for a complete list of CAPEC entries and more information.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!