Web application security - the fast guide 1.1 | Page 119

Chapter 6 - Attack execution (2)

Attack requirement:
A. The impersonation functionality uses a back door or hidden functionality.
B. Access through that functionality is minimally controlled (vulnerable to brute force or a bad password).

Attack process: Use the same process applied in the brute force attack or the bad password attack, depending on the case.

6.6 Other issues


Other password-related issues include vulnerabilities caused by inadequate handling of errors in the login process or in multistage login. Storing password values unencrypted can also be a serious problem, which makes the use of MD5 or SHA1 necessary to eliminate that threat.
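
An added example, not from the book: it stores constructed passwords first as a bare MD5 digest, as the paragraph above suggests, and then as a salted PBKDF2-HMAC-SHA256 record, which is the form current practice expects because unsalted fast digests give equal passwords equal stored values and are cheap to guess offline. The iteration count, salt size, record format and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not taken from the page).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def store_fast_unsalted(password: str) -> str:
    """The page's suggestion taken literally: one unsalted MD5 digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_salted_kdf(password: str) -> str:
    """Salted PBKDF2 record in the form algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted_kdf(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)


def shared_digests(records: dict) -> list:
    """Groups of users whose stored values are identical (same password leaks)."""
    by_value = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)


if __name__ == "__main__":
    # Constructed sample accounts; alice and bob share a password.
    users = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9#Lq"}
    md5_db = {u: store_fast_unsalted(p) for u, p in users.items()}
    kdf_db = {u: store_salted_kdf(p) for u, p in users.items()}
    print("identical MD5 values:", shared_digests(md5_db))
    print("identical KDF values:", shared_digests(kdf_db))
    print("login check:", verify_salted_kdf("Summer2024!", kdf_db["alice"]))
```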
6.7 Authorization

[Figure 48: Authority types. Diagram labels: Vertical, Horizontal, Contextual, Business Logic; a grid of functions F.1,1 through F.m,n.]