The IT Law Wiki

Insufficient authentication/authorization


Definition

Insufficient authentication/authorization may result from

weak passwords [that] are used or are poorly protected. Insufficient authentication/authorization is prevalent as it is assumed that interfaces will only be exposed to users on internal networks and not to external users on other networks. Deficiencies are often found to be present across all interfaces. Many issues with authentication/authorization are easy to discover when examining the interface manually and can also be discovered via automated testing.[1]

References

  1. OWASP, "Top 10 2014-I2 Insufficient Authentication/Authorization" (full-text).
