Bugtraq mailing list archives
Re: stick with "anonymous" or "authenticated" when describing
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 23 Dec 2004 13:25:36 -0500 (EST)
"Jonathan G. Lampe" <jonathan.lampe () standardnetworks ! com> said:
So...I'd stick with "anonymous" or "authenticated" [instead of "credentialed"] when describing attacks on servers.
Based on what I've seen emerging in researcher reports and vulnerability databases/notification services, the terms "authenticated user" and "unauthenticated attacker" are emerging with increasing regularity, especially in "remote" cases (i.e. "remote authenticated user" and "remote unauthenticated attacker.") CVE descriptions are moving in this direction. The "pre-authentication" term is also emerging for cases in which the software requires authentication, but the vulnerability appears before that authentication has taken place. Obviously not all software uses authentication, so this isn't exactly the same thing as "unauthenticated" attacks. - Steve
Current thread:
- Re: stick with "anonymous" or "authenticated" when describing Steven M. Christey (Dec 23)