Identification and Authentication Failures
GPTKB entity
Statements (27)
Predicate | Object |
---|---|
gptkbp:instanceOf | Web security vulnerability |
gptkbp:category | Authentication vulnerabilities, Session management vulnerabilities |
gptkbp:cause | Privilege escalation, Data breach, Account compromise |
gptkbp:describedBy | OWASP documentation |
gptkbp:formerName | Broken Authentication |
https://www.w3.org/2000/01/rdf-schema#label | Identification and Authentication Failures |
gptkbp:includes | gptkb:Session_fixation, Brute force attacks, Credential stuffing, Improper credential storage, Missing multi-factor authentication, Weak password policies |
gptkbp:listedOn | gptkb:OWASP_Top_10 |
gptkbp:mitigatedBy | Multi-factor authentication, Account lockout mechanisms, Credential encryption, Secure session management, Strong password policies |
gptkbp:OWASPTop10Year | 2021 |
gptkbp:relatedTo | gptkb:Broken_Access_Control, Access control |
gptkbp:riskFactor | High |
gptkbp:bfsParent | gptkb:OWASP_Top_Ten |
gptkbp:bfsLayer | 5 |