CAPEC-36: Using Unpublished Interfaces or Functionality
An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.
https://capec.mitre.org/data/definitions/36.html
Related CWE definitions
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate.
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Please note that CAPEC definitions are provided as a quick reference only.
Visit http://capec.mitre.org/ for a complete list of CAPEC entries and more information.