CWE-287 - Improper Authentication

CWE-287 High

Abstraction:
Class

Structure:
Simple

Status:
Draft

Weakness Name: Improper Authentication

Description: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Common Consequences: Scope: Integrity, Confidentiality, Availability, Access Control
Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

Related Weaknesses: CWE-284Improper Access Control

Related Alerts

Access Control Issue - Improper AuthenticationHigh

Authentication Credentials CapturedMedium

Release Date:
2006-07-19

Latest Modification Date:
2024-07-16

Free security scan for your website

Don't show website scan report rating on the leaderboard