Missing Critical Step in Authentication
Draft Base
Structure: Simple
Description
The product implements an authentication technique, but it skips a step that weakens the technique.
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.
Common Consequences 1
Scope: Access ControlIntegrityConfidentiality
Impact: Bypass Protection MechanismGain Privileges or Assume IdentityRead Application DataExecute Unauthorized Code or Commands
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Observed Examples 2
CVE-2004-2163Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
CVE-2005-3327Chain: Authentication bypass by skipping the first startup step as required by the protocol.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
Taxonomy Mapping
- PLOVER