CWE-306 - Missing Authentication for Critical Function
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Release date: 2006-07-19
- Update date: 2025-12-11
Name
Missing Authentication for Critical Function
Description
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Common Consequences
Scope: Access Control, Other
Impact: Gain Privileges or Assume Identity, Varies by Context
Note: Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, to accessing administrative or other privileged functionality, to possibly even executing arbitrary code.