CWE-425
AllowedDirect Request ('Forced Browsing')
Abstraction: Base · Status: Incomplete
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
269 vulnerabilities reference this CWE, most recent first.
GHSA-MCQG-VW6X-QFJX
Vulnerability from github – Published: 2026-03-22 03:30 – Updated: 2026-03-22 03:30A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
{
"affected": [],
"aliases": [
"CVE-2026-4532"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-22T02:16:00Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.",
"id": "GHSA-mcqg-vw6x-qfjx",
"modified": "2026-03-22T03:30:25Z",
"published": "2026-03-22T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4532"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.352320"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.352320"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.774338"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MF92-479X-3373
Vulnerability from github – Published: 2026-03-20 00:31 – Updated: 2026-03-20 20:42When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.7.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "5.8.0"
},
{
"last_affected": "5.8.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"last_affected": "6.3.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.4.0"
},
{
"last_affected": "6.4.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "6.5.0"
},
{
"fixed": "6.5.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-web"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22732"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T20:42:25Z",
"nvd_published_at": "2026-03-19T23:16:41Z",
"severity": "CRITICAL"
},
"details": "When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.\u00a0\nThis issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.",
"id": "GHSA-mf92-479x-3373",
"modified": "2026-03-20T20:42:25Z",
"published": "2026-03-20T00:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22732"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-security"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-22732"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Spring Security HTTP Headers Are not Written Under Some Conditions"
}
GHSA-MFX7-787G-3RP3
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2023-04-10 21:30Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
{
"affected": [],
"aliases": [
"CVE-2020-35391"
],
"database_specific": {
"cwe_ids": [
"CWE-416",
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-01T07:15:00Z",
"severity": "MODERATE"
},
"details": "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device\u0027s HTTP response behavior.",
"id": "GHSA-mfx7-787g-3rp3",
"modified": "2023-04-10T21:30:22Z",
"published": "2022-05-24T17:37:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35391"
},
{
"type": "WEB",
"url": "https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH56-636P-HCP5
Vulnerability from github – Published: 2023-08-26 06:30 – Updated: 2024-04-09 09:31A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-4544"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-26T05:15:49Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mh56-636p-hcp5",
"modified": "2024-04-09T09:31:08Z",
"published": "2023-08-26T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4544"
},
{
"type": "WEB",
"url": "https://github.com/jo1995hn/cve/blob/main/s856.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.238049"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.238049"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.193047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MR56-56J8-X6R4
Vulnerability from github – Published: 2024-01-26 03:30 – Updated: 2024-10-03 09:30An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project
{
"affected": [],
"aliases": [
"CVE-2024-0456"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-26T01:15:09Z",
"severity": "MODERATE"
},
"details": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project ",
"id": "GHSA-mr56-56j8-x6r4",
"modified": "2024-10-03T09:30:34Z",
"published": "2024-01-26T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0456"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MV25-46JW-C68J
Vulnerability from github – Published: 2025-06-20 21:32 – Updated: 2025-06-20 21:32A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-6352"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-20T16:15:30Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-mv25-46jw-c68j",
"modified": "2025-06-20T21:32:06Z",
"published": "2025-06-20T21:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6352"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://github.com/asd1238525/cve/blob/main/Unauthorized.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.313344"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.313344"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.597239"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P38F-P5GW-455M
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.
{
"affected": [],
"aliases": [
"CVE-2017-14993"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-20T23:29:00Z",
"severity": "HIGH"
},
"details": "OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka \"forced browsing\") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option.",
"id": "GHSA-p38f-p5gw-455m",
"modified": "2022-05-13T01:43:37Z",
"published": "2022-05-13T01:43:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14993"
},
{
"type": "WEB",
"url": "https://bugs.oxid-esales.com/view.php?id=6678"
},
{
"type": "WEB",
"url": "https://oxidforge.org/en/security-bulletin-2017-002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P5FQ-87JH-GJQ8
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
{
"affected": [],
"aliases": [
"CVE-2019-3916"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-11T15:29:00Z",
"severity": "HIGH"
},
"details": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).",
"id": "GHSA-p5fq-87jh-gjq8",
"modified": "2022-05-13T01:22:29Z",
"published": "2022-05-13T01:22:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3916"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P5QR-79PR-G4VP
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface.
This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
{
"affected": [],
"aliases": [
"CVE-2025-15587"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:17:56Z",
"severity": "HIGH"
},
"details": "Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator\u0027s password by directly accessing a specific resource inaccessible via a graphical interface.\n\nThis issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and\u00a01.38 (for LK4 - hardware version 4.0).",
"id": "GHSA-p5qr-79pr-g4vp",
"modified": "2026-03-16T15:30:41Z",
"published": "2026-03-16T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15587"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2026/03/CVE-2025-11500"
},
{
"type": "WEB",
"url": "https://tinycontrol.pl/en/archives/lan-controller-35/downloads/#firmware"
},
{
"type": "WEB",
"url": "https://tinycontrol.pl/en/lk39/downloads/#firmware"
},
{
"type": "WEB",
"url": "https://tinycontrol.pl/en/lk4/downloads/#firmware"
},
{
"type": "WEB",
"url": "https://tinycontrol.pl/en/tcpdu/downloads/#firmware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P9M2-974M-225H
Vulnerability from github – Published: 2024-07-09 12:30 – Updated: 2024-07-09 12:30A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.
{
"affected": [],
"aliases": [
"CVE-2024-39867"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T12:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.",
"id": "GHSA-p9m2-974m-225h",
"modified": "2024-07-09T12:30:57Z",
"published": "2024-07-09T12:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39867"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.
Mitigation
Consider using MVC based frameworks such as Struts.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-143: Detect Unpublicized Web Pages
An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.
CAPEC-144: Detect Unpublicized Web Services
An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.
CAPEC-87: Forceful Browsing
An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.