This category identifies Software Fault Patterns (SFPs) within the Missing Endpoint Authentication cluster (SFP30).

| ID | Name | Description |
|---|---|---|
| CWE-422 | Unprotected Windows Messaging Channel ('Shatter') | The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product. |
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |