Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

GHSA-CG66-GRW3-W6J2

Vulnerability from github – Published: 2022-04-29 03:01 – Updated: 2025-01-16 21:30
VLAI
Details

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-2257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.",
  "id": "GHSA-cg66-grw3-w6j2",
  "modified": "2025-01-16T21:30:53Z",
  "published": "2022-04-29T03:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2257"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16814"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/12085"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1010795"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/8240"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyfaq.de/advisory_2004-07-27.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/10813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQ6F-PHQ5-PC66

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 01:03
VLAI
Details

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-27T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Missing Access Control in the \"Free Time\" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.",
  "id": "GHSA-cq6f-phq5-pc66",
  "modified": "2024-04-04T01:03:18Z",
  "published": "2022-05-24T16:48:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12583"
    },
    {
      "type": "WEB",
      "url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss"
    },
    {
      "type": "WEB",
      "url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRJM-JRHG-6RM3

Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:19
VLAI
Details

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-13981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-19T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.",
  "id": "GHSA-crjm-jrhg-6rm3",
  "modified": "2024-04-04T01:19:18Z",
  "published": "2022-05-24T16:50:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/api/issues/986"
    },
    {
      "type": "WEB",
      "url": "https://github.com/directus/api/issues/987"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVGC-MX2W-H3W8

Vulnerability from github – Published: 2025-05-21 18:33 – Updated: 2025-05-21 20:09
VLAI
Summary
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
Details

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sjbr/sr-feuser-register"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.1.0"
            },
            {
              "fixed": "12.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48205"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-21T20:09:49Z",
    "nvd_published_at": "2025-05-21T16:15:32Z",
    "severity": "HIGH"
  },
  "details": "The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files.",
  "id": "GHSA-cvgc-mx2w-h3w8",
  "modified": "2025-05-21T20:09:49Z",
  "published": "2025-05-21T18:33:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48205"
    },
    {
      "type": "PACKAGE",
      "url": "https://codeberg.org/sjbr/sr-feuser-register"
    },
    {
      "type": "WEB",
      "url": "https://codeberg.org/sjbr/sr-feuser-register/commit/be44f61a475371c36b2035cbb523b56f5e34267d"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2025-008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference"
}

GHSA-F4GF-WV2J-P66R

Vulnerability from github – Published: 2022-06-07 00:00 – Updated: 2022-06-18 00:00
VLAI
Details

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An unauthenticated attacker can send a specially crafted packets to update the \u201cnotes\u201d section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.",
  "id": "GHSA-f4gf-wv2j-p66r",
  "modified": "2022-06-18T00:00:26Z",
  "published": "2022-06-07T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31485"
    },
    {
      "type": "WEB",
      "url": "https://www.corporate.carrier.com/product-security/advisories-resources"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8XF-39W2-MRC6

Vulnerability from github – Published: 2024-01-22 18:31 – Updated: 2024-01-22 18:31
VLAI
Details

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-22T18:15:20Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication bypass in Fortra\u0027s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.",
  "id": "GHSA-f8xf-39w2-mrc6",
  "modified": "2024-01-22T18:31:17Z",
  "published": "2024-01-22T18:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0204"
    },
    {
      "type": "WEB",
      "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml"
    },
    {
      "type": "WEB",
      "url": "https://www.fortra.com/security/advisory/fi-2024-001"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9CP-Q3Q5-MXV9

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff.",
  "id": "GHSA-f9cp-q3q5-mxv9",
  "modified": "2022-05-13T01:22:36Z",
  "published": "2022-05-13T01:22:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6126"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FC75-58R8-RM3H

Vulnerability from github – Published: 2023-10-19 15:50 – Updated: 2023-10-19 15:50
VLAI
Summary
Wagtail vulnerable to disclosure of user names via admin bulk action views
Details

Impact

A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.

Patches

Patched versions have been released as Wagtail 4.1.9 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release.

Workarounds

None.

Acknowledgements

Many thanks to @quyenheu for reporting this issue.

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "5.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.1.0"
            },
            {
              "fixed": "5.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-45809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-425",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-19T15:50:58Z",
    "nvd_published_at": "2023-10-19T19:15:15Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nA user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.\n\n### Patches\nPatched versions have been released as Wagtail 4.1.9 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release.\n\n### Workarounds\nNone.\n\n### Acknowledgements\nMany thanks to @quyenheu for reporting this issue.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n* Visit Wagtail\u0027s [support channels](https://docs.wagtail.io/en/stable/support.html)\n* Email us at [security@wagtail.org](mailto:security@wagtail.org) (view our [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).",
  "id": "GHSA-fc75-58r8-rm3h",
  "modified": "2023-10-19T15:50:58Z",
  "published": "2023-10-19T15:50:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45809"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wagtail/wagtail"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/releases/tag/v4.1.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/releases/tag/v5.0.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/releases/tag/v5.1.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Wagtail vulnerable to disclosure of user names via admin bulk action views"
}

GHSA-FCP5-57P2-VF46

Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-20 00:00
VLAI
Details

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-12T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.",
  "id": "GHSA-fcp5-57p2-vf46",
  "modified": "2022-04-20T00:00:50Z",
  "published": "2022-04-13T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27480"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF7X-QRG7-QGGM

Vulnerability from github – Published: 2020-07-29 20:56 – Updated: 2022-08-11 14:58
VLAI
Summary
dot-prop Prototype Pollution vulnerability
Details

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dot-prop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "dot-prop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-425",
      "CWE-471"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-29T20:51:37Z",
    "nvd_published_at": "2020-02-04T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.",
  "id": "GHSA-ff7x-qrg7-qggm",
  "modified": "2022-08-11T14:58:19Z",
  "published": "2020-07-29T20:56:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8116"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/dot-prop/issues/63"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/719856"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sindresorhus/dot-prop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "dot-prop Prototype Pollution vulnerability"
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.