The process of validating a user’s credentials.

The attribute that measures the complexity of the attestation that is required to exploit the vulnerability. The values are Multiple, Single, and None.

The process of determining the identity of a user attempting to access a network. Authentication occurs through challenge/response, time-based code sequences, or other techniques. Authentication typically involves the use of a password, certificate, PIN, or other information that can be used to validate identity over a computer network. See also CHAP (Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol).

The process by which a system identifies an individual or a computer to make sure that the user or computer is who they claim to be. An Enforcer checks whether a client is allowed by reviewing a list of trusted client IP ranges. If the client is not within an acceptable range, the Enforcer sends an authentication packet to the Agent. See also Authentication port.

Identifies whether the exploit of a vulnerability requires the presentation of some sort of credentials, aside from system logon, before attack. The possible values for this field are: Required, Not Required, and Unknown.