General Information

Client Controlled Lock Counter Manipulation

Variants:
Direct 

Also Known As:
Account-Lock Bypass via Parameter Tampering

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Secure Design

Invented In:
01/02/2000

Added In:
09/12/2014


Vector Operation Method:
Attackers can ignore the effects of a failed-login account lock mechanism by manipulating failed login counters that originate from the client-side.


Direct Variant:

Client Controlled Lock Counter Manipulation

Variant Title:
Client Controlled Lock Counter Manipulation

Typical Severity:
Medium

Resources:

White Papers:

Learn More: