CWE-302 - Authentication Bypass by Assumed-Immutable Data

CWE-302

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Authentication Bypass by Assumed-Immutable Data

Description: The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses

CWE-1390Weak Authentication

CWE-807Reliance on Untrusted Inputs in a Security DecisionHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard