CWE-287 - Improper Authentication

  • Abstraction: Class
  • Structure: Simple
  • Status: Draft
  • Published: 2006-07-19
  • Updated: 2026-04-30

Name

Improper Authentication

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Common Consequences

Scope: Integrity, Confidentiality, Availability, Access Control

Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Note: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.

Related CWEs

Related Alerts