logo

CWE-306 - Missing Authentication for Critical Function

CWE-306 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Missing Authentication for Critical Function

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Common Consequences

Scope: Access Control, Other

Impact: Gain Privileges or Assume Identity, Varies by Context

Notes: Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, accessing administrative or other privileged functionality, or possibly even executing arbitrary code.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website