CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Status
draft
Abstraction
class
Likelihood
high
ICS/OT

Common Consequences

Scopes:
• integrity
• confidentiality
• availability
• access control
Impacts:
• read application data
• gain privileges or assume identity
• execute unauthorized code or commands

Detection Methods

• automated static analysis
• manual static analysis
• manual static analysis - binary or bytecode
• dynamic analysis with automated results interpretation
• dynamic analysis with manual results interpretation
• manual static analysis - source code
• automated static analysis - source code
• architecture or design review

Potential Mitigations

Phases:
architecture and design
Descriptions:
• Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
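
The following Python is an added illustration, not part of the CWE entry and not ESAPI code. It contrasts the weakness with its fix: `vulnerable_current_user` takes the caller's identity from a client-supplied `X-User` header, which is exactly an unproven identity claim; `verified_current_user` accepts an identity only from a server-minted, HMAC-signed, expiring token, verifying the MAC in constant time before trusting any field. The function names, the secret, the header names and the `user|expiry` token format are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed secret for this example only; a real service loads it from a
# secret store and rotates it. Anyone holding this key can mint valid tokens.
SECRET_KEY = b"example-only-secret-do-not-use"
TOKEN_TTL_SECONDS = 3600


def vulnerable_current_user(headers: dict) -> Optional[str]:
    """CWE-287 as it usually looks: the identity claim is read from a
    client-controlled header and nothing proves the caller is that user."""
    return headers.get("X-User")


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Server side: mint a token of the form b64url(user|expiry).b64url(hmac)."""
    now = time.time() if now is None else now
    payload = f"{user_id}|{int(now) + TOKEN_TTL_SECONDS}".encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(mac).decode())


def verified_current_user(headers: dict, now: Optional[float] = None) -> Optional[str]:
    """Hardened form: the claim is accepted only after the HMAC verifies under
    the server secret and the embedded expiry has not passed."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    try:
        payload_b64, mac_b64 = auth[len("Bearer "):].split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # missing separator or bad base64 (binascii.Error is a ValueError)
        return None
    # Verify before trusting any field of the payload; constant-time compare
    # so the check does not leak how many MAC bytes matched.
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    user_id, sep, expiry = payload.decode("utf-8", errors="replace").rpartition("|")
    if not sep or not expiry.isdigit() or now >= int(expiry):
        return None
    return user_id


def forge_token_reusing_mac(token: str, claimed_user: str) -> str:
    """Attacker's attempt: keep a genuine token's MAC but swap in another user.
    Rejected by verified_current_user because the MAC covers the whole payload."""
    payload_b64, mac_b64 = token.split(".", 1)
    expiry = base64.urlsafe_b64decode(payload_b64).decode().rpartition("|")[2]
    forged = f"{claimed_user}|{expiry}".encode()
    return base64.urlsafe_b64encode(forged).decode() + "." + mac_b64


if __name__ == "__main__":
    # Constructed requests: the first is the weakness, the rest exercise the fix.
    print(vulnerable_current_user({"X-User": "admin"}))          # anyone is "admin"
    tok = issue_token("alice")
    print(verified_current_user({"Authorization": "Bearer " + tok}))
    print(verified_current_user({"Authorization": "Bearer " + forge_token_reusing_mac(tok, "admin")}))
```

The ordering inside `verified_current_user` is the point: the MAC is checked over the raw bytes before the payload is parsed, so a malformed or attacker-shaped payload never reaches the parsing or expiry logic, and the expiry check runs on a value the server itself signed.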

Functional Areas

authentication