CWE-304 - Missing Critical Step in Authentication
CWE-304
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Missing Critical Step in Authentication
- Description
The product implements an authentication technique, but it skips a step, which weakens the technique.
Authentication techniques should follow the algorithms that define them exactly; otherwise, authentication can be bypassed or more easily subjected to brute force attacks.
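As an added illustration (not part of the CWE entry), the sketch below uses a constructed HMAC challenge-response login, a protocol assumed for this example, to show the effect of one skipped step: a verifier that never confirms the challenge is one it issued and has not yet consumed accepts the same response a second time. All class, function and key names are hypothetical.

```python
import hashlib
import hmac
import secrets

class ChallengeResponseVerifier:
    """Server side of a toy HMAC challenge-response login (constructed protocol)."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()  # challenges issued and not yet consumed

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def _mac_ok(self, nonce: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def verify_missing_step(self, nonce: bytes, response: bytes) -> bool:
        # Weak form: checks the MAC but never confirms the nonce is one this
        # server issued and has not already seen answered.
        return self._mac_ok(nonce, response)

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Complete form: the freshness step runs first and consumes the nonce,
        # so each challenge can be answered at most once.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        return self._mac_ok(nonce, response)

def client_response(shared_key: bytes, nonce: bytes) -> bytes:
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()

def demo() -> dict:
    key = b"constructed-demo-key"  # sample value, not a real secret
    server = ChallengeResponseVerifier(key)
    nonce = server.issue_challenge()
    resp = client_response(key, nonce)
    results = {"first_login": server.verify(nonce, resp)}
    # The same (nonce, response) pair presented a second time.
    results["replay_complete_verifier"] = server.verify(nonce, resp)
    results["replay_weak_verifier"] = server.verify_missing_step(nonce, resp)
    return results

if __name__ == "__main__":
    print(demo())
```

Both verifiers reject a response computed with the wrong key; only the complete one also rejects a correct response to a challenge that has already been used.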
- Common Consequences
Scope: Access Control, Integrity, Confidentiality
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-10-26