CWE-309 - Use of Password System for Primary Authentication

CWE-309 High

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Use of Password System for Primary Authentication

Description: The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes: A password authentication mechanism error will almost always result in attackers being authorized as valid users.

Related Weaknesses

CWE-1390Weak Authentication

CWE-308Use of Single-factor AuthenticationHigh

CWE-654Reliance on a Single Factor in a Security Decision

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard