CWE-306 - Missing Authentication for Critical Function
CWE-306 High
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Missing Authentication for Critical Function
- Description
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
- Common Consequences
Scope: Access Control, Other
Impact: Gain Privileges or Assume Identity, Varies by Context
Notes: Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences depend on the associated functionality, but they can range from reading or modifying sensitive data, to accessing administrative or other privileged functionality, to possibly even executing arbitrary code.
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2024-07-16
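Added example (not part of the CWE entry): a small request dispatcher showing the weakness described above beside a deny-by-default form, plus an audit that lists critical routes registered without authentication. The route names, the session table and every function here are hypothetical and constructed for illustration.

```python
# Added example; every name here is hypothetical, not from a real framework.
SESSIONS = {"tok-alice-constructed": "alice"}  # constructed token -> identity
ROUTES = {}

def route(name, *, critical, requires_auth):
    """Register a handler together with its criticality and auth policy."""
    def register(handler):
        ROUTES[name] = {"handler": handler, "critical": critical,
                        "requires_auth": requires_auth}
        return handler
    return register

@route("status", critical=False, requires_auth=False)
def status(user):
    return "ok"

# CWE-306: a critical function registered without any authentication.
@route("reset_config", critical=True, requires_auth=False)
def reset_config(user):
    return "config reset"

@route("delete_user", critical=True, requires_auth=True)
def delete_user(user):
    return f"deleted by {user}"

def dispatch_weak(name, token=None):
    """Trusts each route's own flag, so a forgotten flag exposes the function."""
    entry, user = ROUTES[name], SESSIONS.get(token)
    if entry["requires_auth"] and user is None:
        return 401, "authentication required"
    return 200, entry["handler"](user)

def dispatch_hardened(name, token=None):
    """Critical routes always need a proven identity, whatever the flag says."""
    entry, user = ROUTES[name], SESSIONS.get(token)
    if (entry["critical"] or entry["requires_auth"]) and user is None:
        return 401, "authentication required"
    return 200, entry["handler"](user)

def audit_routes(routes):
    """Return critical routes that are registered as reachable unauthenticated."""
    return sorted(n for n, e in routes.items()
                  if e["critical"] and not e["requires_auth"])
```

Running audit_routes over the route table in a unit test or CI step catches the misregistration before deployment, while the hardened dispatcher limits the damage if one slips through.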