CWE-304

Missing Critical Step in Authentication

Base

Draft

Description

The product implements an authentication technique, but it skips a step that weakens the technique.

Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Parent Weaknesses (ChildOf)

CWE-303: Incorrect Implementation of Au...

CWE-573: Improper Following of Specific...

Common Consequences

Scope

Access Control

Integrity

Confidentiality

Impact

Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands

CVE-2004-2163

Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.

CVE-2005-3327

Chain: Authentication bypass by skipping the first startup step as required by the protocol.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-304

Missing Critical Step in Authentication

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms