CWE-289Authentication Bypass by Alternate Name

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-289
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Authentication Bypass by Alternate Name

描述

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism

相关 CWE