Incorrect Implementation of Authentication Algorithm
Draft Base
Structure: Simple
Description
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
This incorrect implementation may allow authentication to be bypassed.
Common Consequences 1
Scope: Access Control
Impact: Bypass Protection Mechanism
Observed Examples 1
CVE-2003-0750Conditional should have been an 'or' not an 'and'.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Attack Patterns
Related Weaknesses
ChildOf:
Weak Authentication (CWE-1390)
Taxonomy Mapping
- PLOVER