CWE-304 - Missing Critical Step in Authentication
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Missing Critical Step in Authentication
Description
The product implements an authentication technique, but it skips a step that weakens the technique.
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.
Common Consequences
Scope: Access Control, Integrity, Confidentiality
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.