Multiphase Process Bypass via Forced Browsing
Variants:
Direct
Also Known As:
Flow Bypass, Insufficient Process Validation
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Process Flow Enforcement
Invented In:
01/01/1999
Added In:
10/12/2014
Vector Operation Method:
Attackers can bypass security restrictions of multiphase processes by skipping directly to later phases in the process. May be relevant for various types of multiphase processes, such as password recovery processes, multiphase transactions and similar processes that include a security verification.
