Authentication Bypass via HTTP Verb Tampering
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Web Application Configuration, Authentication Enforcement
Invented In:
29/05/2008
Added In:
10/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can bypass the application authentication enforcement, by accessing protected resources using unexpected HTTP methods, such as GET, POST and HEAD.
