Activity Processors: Custom Authentication Processor: Incident - Auth Input Parameter Tampering
Complexity: Medium (3.0)
Default Response: 3x = Warn User, 5x = Captcha. 9x = 1 day Clear Inputs.
Cause: WebApp Secure provides the capability of password protecting any URL on the protected site. This means that if a user attempts to access that URL, they will be prompted to enter a username and password before the original request is allowed to complete. This incident is triggered when a user attempts to manipulate the hidden form parameters used to handle authentication.
Behavior: Manipulating hidden input fields in a form, for whatever reason, is generally considered malicious. In this case, since the form is being used to password protect a resource, it is likely that the attacker is trying to bypass the authentication by finding a vulnerability in the authentication mechanism. Depending on the modified value they submit, they could be attempting to launch a "Buffer Overflow", "XSS", "Denial of Service", "Fingerprinting", "Format String", "HTTP Response Splitting", "Integer Overflow", or "SQL injection" attack, among many others.
Note: For information on the attack types mentioned here, go to The Web Application Security Consortium Web Site and search for the attack name to learn more about it.
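As an added illustration (not WebApp Secure's own code), the following shows one way a server can detect tampering of the hidden authentication-form parameters described above and escalate through the default response thresholds (3x warn, 5x captcha, 9x clear inputs). The signing key, field names and client identifier are constructed for this example.

```python
import hmac
import hashlib
import secrets
from collections import defaultdict

# Constructed demo key; a real deployment loads this from protected configuration.
SECRET_KEY = b"constructed-demo-signing-key"


def issue_hidden_fields(resource, nonce=None):
    """Server side: build the hidden fields for the auth form protecting `resource`,
    with an HMAC tag so any later modification by the client can be detected."""
    nonce = nonce or secrets.token_hex(8)
    payload = f"{resource}|{nonce}".encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return {"resource": resource, "nonce": nonce, "tag": tag}


def hidden_fields_tampered(form):
    """Return True when the submitted hidden fields no longer match the issued tag,
    or when a hidden field has been removed entirely."""
    try:
        payload = f"{form['resource']}|{form['nonce']}".encode()
    except KeyError:
        return True
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return not hmac.compare_digest(expected, form.get("tag", ""))


class TamperingTracker:
    """Counts Auth Input Parameter Tampering incidents per client and maps the
    running count onto the page's default responses (highest threshold wins)."""
    THRESHOLDS = [(9, "clear_inputs_1_day"), (5, "captcha"), (3, "warn_user")]

    def __init__(self):
        self.counts = defaultdict(int)

    def record(self, client_id, form):
        """Return the response for this submission, or None if it was not tampered."""
        if not hidden_fields_tampered(form):
            return None
        self.counts[client_id] += 1
        n = self.counts[client_id]
        for threshold, response in self.THRESHOLDS:
            if n >= threshold:
                return response
        return "log_only"  # below the first threshold: record the incident only
```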