CWE-306 - Missing Authentication for Critical Function

CWE-306 High

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft

Weakness Name

Missing Authentication for Critical Function

Description

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Common Consequences

Scope: Access Control, Other

Impact: Gain Privileges or Assume Identity, Varies by Context

Notes: Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences depend on the associated functionality, and can range from reading or modifying sensitive data, to accessing administrative or other privileged functionality, to possibly even executing arbitrary code.
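
The weakness and its correction side by side, as an added example that is not part of the CWE entry: a handler registry where one critical function is reachable without a proven identity, the same function with authentication enforced at dispatch, and an audit that lists critical handlers missing the requirement. All handler names, the demo key and the token scheme are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed sample key, hypothetical
HANDLERS = {}

def sign(user: str) -> str:
    """Issue a demo token: HMAC-SHA256 of the user name."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def authenticate(request: dict):
    """Return the proven user identity, or None if the token does not verify."""
    user, token = request.get("user"), request.get("token")
    if not isinstance(user, str) or not isinstance(token, str):
        return None
    ok = hmac.compare_digest(sign(user).encode(), token.encode())
    return user if ok else None

def handler(name, critical, require_auth):
    """Register a function with its criticality and authentication policy."""
    def register(fn):
        HANDLERS[name] = {"fn": fn, "critical": critical, "require_auth": require_auth}
        return fn
    return register

@handler("status", critical=False, require_auth=False)
def status(identity, request):
    return "ok"

# CWE-306: a critical function registered with no authentication requirement.
@handler("reset_config_weak", critical=True, require_auth=False)
def reset_config_weak(identity, request):
    return "config reset"

# Corrected: the same function, reachable only with a proven identity.
@handler("reset_config", critical=True, require_auth=True)
def reset_config(identity, request):
    return f"config reset by {identity}"

def dispatch(name, request):
    """Authenticate before invoking any handler that requires it."""
    entry = HANDLERS[name]
    identity = authenticate(request)
    if entry["require_auth"] and identity is None:
        return (401, "authentication required")
    return (200, entry["fn"](identity, request))

def audit():
    """List critical handlers that can be reached without authentication."""
    return sorted(n for n, e in HANDLERS.items() if e["critical"] and not e["require_auth"])
```

Running `audit()` in a build or startup check turns a forgotten authentication requirement into a visible failure instead of an exposed function.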

Related Weaknesses

  • Release Date: 2006-07-19
  • Latest Modification Date: 2024-07-16