logo

CWE-287 - Improper Authentication

CWE-287 High

  • Abstraction:
  • Class
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Improper Authentication

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Common Consequences

Scope: Integrity, Confidentiality, Availability, Access Control

Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.

Related Weaknesses
Related Alerts
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-07-16

Free security scan for your website