Authentication mechanism absence or evasion - Security Image
Description
It is possible to eliminate the use of the image and security phrase at user login.
Impact
Remove the security image and phrase, which can facilitate other types of attacks.
Recommendation
Make sure that only the number of an existing image can be sent, so that the image and passphrase function cannot be eliminated.
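One way to enforce this on the server, as an added example that is not part of the original page: the names `IMAGE_CATALOG`, `Profile`, `update_security_image` and the form fields are hypothetical, and the check on the phrase goes slightly beyond the recommendation, which only mentions the image number.

```python
# Added example: every name here is hypothetical, sample values are constructed.
from dataclasses import dataclass

# Constructed catalogue of the security images the application actually offers.
IMAGE_CATALOG = {1: "lighthouse.png", 2: "bicycle.png", 3: "teapot.png"}
MAX_ID_DIGITS = 4
MAX_PHRASE_LEN = 64


class InvalidSecurityImage(ValueError):
    """Raised when a request would remove or corrupt the image/phrase pair."""


@dataclass
class Profile:
    image_id: int
    phrase: str


def parse_image_id(raw):
    """Accept only a short decimal number that maps to an existing image."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise InvalidSecurityImage("image number must be a decimal integer")
    if len(raw) > MAX_ID_DIGITS:
        raise InvalidSecurityImage("image number is too long")
    image_id = int(raw)
    if image_id not in IMAGE_CATALOG:
        raise InvalidSecurityImage("image number does not exist")
    return image_id


def update_security_image(profile, form):
    """Apply a change request; on any invalid field the stored pair is untouched."""
    image_id = parse_image_id(form.get("image_id"))
    phrase = (form.get("phrase") or "").strip()
    if not phrase or len(phrase) > MAX_PHRASE_LEN:
        raise InvalidSecurityImage("security phrase must be present and short")
    # Assign only after every check passed, so a rejected request changes nothing.
    profile.image_id, profile.phrase = image_id, phrase
    return profile
```

A missing, empty, non-numeric or unknown image number raises `InvalidSecurityImage` and leaves the stored image and phrase in place, so the login page keeps displaying them.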
Threat
User authenticated from the Internet.
Expected Remediation Time
⏱️ 240 minutes.
Requirements
227 - Display access notification
228 - Authenticate using standard protocols
229 - Request access credentials
231 - Implement a biometric verification component
235 - Define credential interface
264 - Request authentication
323 - Exclude unverifiable files
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector: N
Attack complexity: L
Attack requirements: N
Privileges required: L
User interaction: N
Confidentiality (VC): N
Integrity (VI): L
Availability (VA): N
Confidentiality (SC): N
Integrity (SI): N
Availability (SA): N
Threat 4.0
Exploit maturity: X
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N