- Brute Force – attacker iterates through multiple combinations in the hope of finding a valid username/password combination
- Man in the Middle – attacker sniffs packets from the network, modifies them, and inserts them back into the network
- Session Hijacking – attacker uses authentication tokens to seize control of a legitimate user’s session while that user is logged into the application
- Session Replay – attacker captures authentication tokens (e.g. session ID, cookies) to bypass normal authentication without the legitimate user having to be logged into the application
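The difference between the last two items comes down to how long the server keeps honouring a token. The sketch below is an added example, not code from the original post: a server-side session table that drops a token on logout or after an idle timeout, so a captured copy stops working once the legitimate session ends. The `SessionStore` class, its method names, and the 900-second timeout are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side session table: a token is valid only while its entry exists and is fresh."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self._sessions = {}  # sha256(token) -> (user, last_seen)
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so the demo can advance time

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable, so brute forcing IDs is impractical
        self._sessions[self._key(token)] = (user, self._clock())
        return token

    def logout(self, token):
        # Invalidate on the server; clearing the cookie in the browser alone is not enough.
        self._sessions.pop(self._key(token), None)

    def authenticate(self, token):
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle_timeout:
            del self._sessions[key]  # stale session: reject and forget it
            return None
        self._sessions[key] = (user, now)
        return user


def demo():
    now = [1000.0]  # constructed clock value
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    token = store.login("alice")  # constructed user name
    captured = token  # a copy of the token held by someone else
    results = {"while_logged_in": store.authenticate(captured)}
    store.logout(token)
    results["after_logout"] = store.authenticate(captured)
    token2 = store.login("alice")
    now[0] += 901  # just past the idle timeout
    results["after_idle_timeout"] = store.authenticate(token2)
    return results
```

Server-side invalidation closes the replay window only; while the user is still logged in the copied token is accepted, which is why the token also has to be protected in transit and in the browser.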
Saturday, December 17, 2005
Authentication Threats