"Jonathan G. Lampe" <jonathan.lampe () standardnetworks ! com> said: >So...I'd stick with "anonymous" or "authenticated" [instead of >"credentialed"] when describing attacks on servers. Based on what I've seen emerging in researcher reports and vulnerability databases/notification services, the terms "authenticated user" and "unauthenticated attacker" are emerging with increasing regularity, especially in "remote" cases (i.e. "remote authenticated user" and "remote unauthenticated attacker.") CVE descriptions are moving in this direction. The "pre-authentication" term is also emerging for cases in which the software requires authentication, but the vulnerability appears before that authentication has taken place. Obviously not all software uses authentication, so this isn't exactly the same thing as "unauthenticated" attacks. - Steve
