Application Security Terminology


Svg Vector Icons : Return to Glossary

Insufficient Authentication

Did You Know? There’s a 8% likelihood that your website is vulnerable to Insufficient Authentication


Insufficient authentication occurs when an application permits an attacker to access sensitive content or functionality without having to proinsufficient authentication - define authenticationperly authenticate; for instance, accessing admin controls by going to the /admin directory without having to log in.

For many web applications, administrative functionality is located directly off the root directory (/admin/). This directory is typically not linked from anywhere on the website, but can still be accessed using a standard web browser. Users and developers often fail to enforce authentication, never expecting anyone to view this page because of the fact it’s not linked. With this oversight, attackers simply need to visit this page to obtain complete administrative access to the website for their malicious activities.