Authentication attacks

This type of attack targets and attempts to exploit the authentication process a web site uses to verify the identity of a user, service, or application.

Types of Authentication attacks

The following types of attacks are considered authentication attacks:
Table 1. Authentication attacks
Attack types Attack description
Brute Force Allows an attacker to guess a person's user name, password, credit card number, or cryptographic key by using an automated process of trial and error.
Insufficient Authentication Allows an attacker to access a web site containing sensitive content or functions without having to properly authenticate with the web site.
Weak Password Recovery Validation Allows an attacker to access a web site that provides them with the ability to illegally obtain, change, or recover another user's password.

Signatures triggered by this attack

The signatures triggered by authentication attacks include:
Table 2. Authentication signatures
Signature name Description More information
HTTP_Auth_ContainsBinary Searches for an HTTP authentication that contains binary data. IBM® X-Force®: HTTP request contains binary data
HTTP_Auth_TooLong Detects an HTTP authorization string that is longer than the system-configurable value for maximum HTTP authorization length.

This signature replaces HTTP_NS_Admin_Overflow.

IBM X-Force: Netscape Enterprise and Fasttrack authentication buffer overflow


HTTP_Authentication Detects HTTP Basic authentication to a web server and logs the user names and passwords.
Note: This security event is categorized as an audit event. It does not necessarily indicate an attack or threat on your network.
IBM X-Force: HTTP authentication
HTTP_Authentication_Format_String Detects HTTP Basic authentication format string attack in user names and passwords. IBM X-Force: Apache auth_ldap module multiple format strings


HTTP_IIS_Hit_Highlighting_Auth_Bypass Searches for attempts to bypass security restrictions using a vulnerability in the Microsoft IIS server hit-highlighting functions. IBM X-Force: Microsoft IIS Hit-highlighting security bypass

HTTP_Login_Known_User Detects the login name and matches it with user-defined logins for well-known login names. IBM X-Force: HTTP known user login name
HTTPS_ClearText_Session Detects a valid HTTP request and response on port 443 that is not encrypted. IBM X-Force: Unencrypted HTTP traffic over SSL has been detected