Authentication Process Vulnerability Identification

  • Yuliia Milinchuk
  • Olena Zhukova
Keywords: IDENTIFICATION, AUTHENTICATION, SENSITIVITY, AUTHENTICATION SYSTEM, CRITICALITY

Abstract

The work identifies vulnerabilities in authentication processes. It discusses specific features of authentication systems that may expose them to the threat of credential stuffing or the threat of account takeover.
The most current vulnerabilities of authentication systems are systematized. The selected vulnerabilities were assessed for criticality using Bugcrowd's Vulnerability Rating Taxonomy, with the following criticality levels: low, medium, high, and very critical.
It is obvious that the mere presence of a vulnerability does not harm the authentication system. There must be a corresponding threat, that is, an opportunity to exploit it. A vulnerability without an appropriate threat may not require control, but it must be identified and monitored for change.

References

1. NIST SPECIAL PUBLICATION 1800-17. Retrieved from https://www.nccoe.nist.gov/publication/1800-17
2. Bugcrowd’s Vulnerability Rating Taxonomy. Retrieved from https://bugcrowd.com/vulnerability-rating-taxonomy
Published
2020-03-25
Section
Articles