Anonymous authentication
Plugin details
Severity | High |
---|---|
ID | 10001 |
Category | Authentication |
CVSS score | 7.3 |
CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Synopsis
The server resources can be accessed anonymously.
Description
The target server allows access to resources using the ‘anonymous’ identifier. Use of this identifier prevents changes to data or configuration from being traced back to a user. An attacker can use the ‘anonymous’ identifier to read and write data in an unauthorized manner.
Solution
Block anonymous authentication, or restrict anonymous user access to only non-critical UA server resources.