CWE-302
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Status
incomplete
Abstraction
base
Affected Platforms
Not Technology-Specific
Web Based
Technical Details
Common Consequences
access control
Impacts
bypass protection mechanism
Potential Mitigations
Phases:
architecture and design
operation
implementation
Descriptions:
• Implement proper protection for data that is assumed to be immutable (e.g. environment variables, hidden form fields).
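As an added illustration (not part of the CWE entry), the Python sketch below contrasts a check that trusts a client-held hidden form field with one that accepts the value only when an HMAC tag, computed with a server-side key and bound to the session, verifies. The field names `role` and `role_token`, the session identifiers and the helper names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Server-side secret, never sent to the client (generated here for the example).
SERVER_KEY = secrets.token_bytes(32)
ROLES = {"user", "admin"}  # server-chosen values; none contains "|" or "."


def is_admin_vulnerable(form: dict) -> bool:
    """CWE-302 pattern: the decision rests on a hidden field the client can rewrite."""
    return form.get("role") == "admin"


def _tag(session_id: str, role: str) -> str:
    # Binding the session id stops a valid token being replayed in another session.
    msg = f"{session_id}|{role}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def seal(session_id: str, role: str) -> str:
    """Value the server places in the hidden field: role plus integrity tag."""
    if role not in ROLES:
        raise ValueError("unknown role")
    return f"{role}.{_tag(session_id, role)}"


def is_admin_hardened(session_id: str, form: dict) -> bool:
    """Accept the role only if its tag verifies for this session."""
    role, sep, tag = form.get("role_token", "").rpartition(".")
    if not sep or role not in ROLES:
        return False
    # Compare as bytes: compare_digest rejects non-ASCII str input with TypeError.
    ok = hmac.compare_digest(tag.encode(), _tag(session_id, role).encode())
    return ok and role == "admin"


def tamper(token: str, new_role: str) -> str:
    """Constructed test input: swap the role but keep the original tag."""
    return f"{new_role}.{token.rpartition('.')[2]}"
```

Keeping the role in server-side session state avoids the problem entirely; the tag is for cases where the value has to round-trip through the client.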