CWE-289 - Authentication Bypass by Alternate Name
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Authentication Bypass by Alternate Name
Description
The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
