CWE-309 - Use of Password System for Primary Authentication

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29

Weakness Name

Use of Password System for Primary Authentication

Description

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Notes: A password authentication mechanism error will almost always result in attackers being authorized as valid users.

Related Weaknesses

CWE-308 - Use of Single-factor Authentication (High)

CWE-654 - Reliance on a Single Factor in a Security Decision

CWE-1390 - Weak Authentication