CWE-304
Missing Critical Step in Authentication
The product implements an authentication technique, but it skips a step, which weakens the technique.
Status
draft
Abstraction
base
Affected Platforms
Extended Description
Authentication techniques should follow the algorithms that define them exactly; otherwise, authentication can be bypassed or more easily subjected to brute-force attacks.
Technical Details
Common Consequences
access control
integrity
confidentiality
Impacts
bypass protection mechanism
gain privileges or assume identity
read application data
execute unauthorized code or commands
Detection Methods
automated static analysis