[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Missing Critical Step in Authentication

ID: 304Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The software implements an authentication technique, but it skips a step that weakens the technique.

Extended Description

Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Access_Control
Integrity
Confidentiality
 		Bypass protection mechanism
Gain privileges / assume identity
Read application data
Execute unauthorized code or commands
 		This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.
 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-304 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2004-2163 : Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Missing Critical Step in Authentication
 		 

References:
None
CVE    1
CVE-2021-41179

© SecPod Technologies