This category identifies Software Fault Patterns (SFPs) within the Authentication Bypass cluster.

| ID | Name | Description |
|---|---|---|
| CWE-287 | Improper Authentication | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CWE-289 | Authentication Bypass by Alternate Name | The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. |
| CWE-303 | Incorrect Implementation of Authentication Algorithm | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
| CWE-304 | Missing Critical Step in Authentication | The product implements an authentication technique, but it skips a step that weakens the technique. |
| CWE-305 | Authentication Bypass by Primary Weakness | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
| CWE-308 | Use of Single-factor Authentication | The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. |
| CWE-309 | Use of Password System for Primary Authentication | The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism. |
| CWE-603 | Use of Client-Side Authentication | A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |