Home page logo

bugtraq logo Bugtraq mailing list archives

Re: stick with "anonymous" or "authenticated" when describing
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 23 Dec 2004 13:25:36 -0500 (EST)

"Jonathan G. Lampe" <jonathan.lampe () standardnetworks ! com> said:

So...I'd stick with "anonymous" or "authenticated" [instead of
"credentialed"] when describing attacks on servers.

Based on what I've seen emerging in researcher reports and
vulnerability databases/notification services, the terms
"authenticated user" and "unauthenticated attacker" are emerging with
increasing regularity, especially in "remote" cases (i.e. "remote
authenticated user" and "remote unauthenticated attacker.")  CVE
descriptions are moving in this direction.

The "pre-authentication" term is also emerging for cases in which the
software requires authentication, but the vulnerability appears before
that authentication has taken place.  Obviously not all software uses
authentication, so this isn't exactly the same thing as
"unauthenticated" attacks.

- Steve

  By Date           By Thread  

Current thread:
  • Re: stick with "anonymous" or "authenticated" when describing Steven M. Christey (Dec 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]