This type of attack targets and attempts to exploit the authentication process a web site uses to verify the identity of a user, service, or application.
| Attack types | Attack description |
|---|---|
| Brute Force | Allows an attacker to guess a person's user name, password, credit card number, or cryptographic key by using an automated process of trial and error. |
| Insufficient Authentication | Allows an attacker to access a web site containing sensitive content or functions without having to properly authenticate with the web site. |
| Weak Password Recovery Validation | Allows an attacker to access a web site that provides them with the ability to illegally obtain, change, or recover another user's password. |
| Signature name | Description | More information |
|---|---|---|
| HTTP_Auth_ContainsBinary | Searches for an HTTP authentication that contains binary data. | IBM® X-Force®: HTTP request contains binary data |
| HTTP_Auth_TooLong | Detects an HTTP authorization string that is
longer than the system-configurable value for maximum HTTP authorization
length. This signature replaces HTTP_NS_Admin_Overflow. |
IBM X-Force: Netscape Enterprise and Fasttrack authentication buffer overflow |
| HTTP_Authentication | Detects HTTP Basic authentication to a web server
and logs the user names and passwords. Note: This security event is
categorized as an audit event. It does not necessarily indicate an
attack or threat on your network.
|
IBM X-Force: HTTP authentication |
| HTTP_Authentication_Format_String | Detects HTTP Basic authentication format string attack in user names and passwords. | IBM X-Force: Apache auth_ldap module multiple format strings |
| HTTP_IIS_Hit_Highlighting_Auth_Bypass | Searches for attempts to bypass security restrictions using a vulnerability in the Microsoft IIS server hit-highlighting functions. | IBM X-Force: Microsoft IIS Hit-highlighting security bypass |
| HTTP_Login_Known_User | Detects the login name and matches it with user-defined logins for well-known login names. | IBM X-Force: HTTP known user login name |
| HTTPS_ClearText_Session | Detects a valid HTTP request and response on port 443 that is not encrypted. | IBM X-Force: Unencrypted HTTP traffic over SSL has been detected |