CWE-302 - Authentication Bypass by Assumed-Immutable Data
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Authentication Bypass by Assumed-Immutable Data
Description
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Related Weaknesses
CWE-807Reliance on Untrusted Inputs in a Security DecisionHigh