Client Controlled Lock Flag Manipulation
Variants:
Direct
Also Known As:
Account-Lock Bypass via Parameter Tampering
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Secure Design
Invented In:
01/02/2000
Added In:
09/12/2014
Vector Operation Method:
Attackers can ignore the effects of a failed-login account lock mechanism by manipulating lock flags that originate from the client-side.