CWE-304 - Missing Critical Step in Authentication

CWE-304

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Missing Critical Step in Authentication

Description: The product implements an authentication technique, but it skips a step that weakens the technique.
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Common Consequences: Scope: Access Control, Integrity, Confidentiality
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.

Related Weaknesses

CWE-303Incorrect Implementation of Authentication Algorithm

CWE-573Improper Following of Specification by Caller

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Free security scan for your website

Don't show website scan report rating on the leaderboard