CWE-287 - Improper Authentication
CWE-287 High
- Abstraction:
- Class
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Improper Authentication
- Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
- Common Consequences
Scope: Integrity, Confidentiality, Availability, Access Control
Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2024-07-16