User authentication code vulnerable to tampering

From Safeval Wiki

Code running on the user's machine, even if compiled and protected by operating system policies, can be tampered with to generate false authentication responses. Client-server systems that use a single password to access the database, for instance, are authenticating the user on the user's machine. An attacker can therefore manipulate the code using a debugger or other local tool.

The user authentication functions shall be implemented, at least in part, by code on a server or on a machine out of the reach of the user.
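
One way to meet this requirement, shown as an added example that is not part of the original wiki page: the password check and every data request are decided by server-side code, so a patched client that merely claims to be authenticated obtains nothing. The function names, the in-memory stores and the sample user data are assumptions made for illustration; token expiry and transport security are left out.

```python
import hashlib
import hmac
import secrets

# Server-side state only; none of this is shipped to the client.
# All values are constructed samples for this example.
_SERVER_KEY = secrets.token_bytes(32)     # signs session tokens
_USERS = {}                               # username -> (salt, password hash)
_RECORDS = {"alice": ["invoice-001"]}     # data reachable only through the server


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _sign(user: str, nonce: str) -> str:
    msg = f"{user}:{nonce}".encode()
    return hmac.new(_SERVER_KEY, msg, hashlib.sha256).hexdigest()


def register(user: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    _USERS[user] = (salt, _hash(password, salt))


def login(user: str, password: str):
    """The server decides the outcome; returns a signed token or None."""
    # Unknown users still go through the hash so the code path is the same.
    salt, stored = _USERS.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    nonce = secrets.token_hex(8)
    return f"{user}:{nonce}:{_sign(user, nonce)}"


def fetch_records(token: str):
    """Each request is re-verified on the server; no client-side flag is trusted."""
    try:
        user, nonce, tag = token.split(":")
    except (AttributeError, ValueError):
        raise PermissionError("malformed token")
    if not hmac.compare_digest(tag, _sign(user, nonce)):
        raise PermissionError("invalid token")
    return _RECORDS.get(user, [])
```

Because the signing key and the password hashes exist only on the server, altering the client binary with a debugger changes what the client displays, not what the server returns.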