Category: SFP Secondary Cluster: Authentication Bypass
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Authentication Bypass cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-287 | Improper Authentication | Improper Authentication occurs when a system fails to properly verify a user's claimed identity, allowing access without sufficient proof of who they are. |
| CWE-288 | Authentication Bypass Using an Alternate Path or Channel | This vulnerability occurs when a system has a primary login requirement, but attackers can find an unprotected backdoor or alternative route that completely bypasses those checks. |
| CWE-289 | Authentication Bypass by Alternate Name | This vulnerability occurs when a system checks access based on a resource or user name, but fails to account for all the different names or aliases that could refer to the same entity, allowing attackers to bypass authentication. |
| CWE-303 | Incorrect Implementation of Authentication Algorithm | This weakness occurs when a developer implements a standard authentication algorithm, but makes critical mistakes in the code that cause it to function incorrectly. |
| CWE-304 | Missing Critical Step in Authentication | This vulnerability occurs when a software authentication process omits a required step, weakening its overall security. |
| CWE-305 | Authentication Bypass by Primary Weakness | This vulnerability occurs when a system's core authentication logic is technically correct, but an attacker can completely bypass it by exploiting a separate, more fundamental flaw in the application. |
| CWE-308 | Use of Single-factor Authentication | Relying solely on single-factor authentication, like a password, exposes systems to significant security risks because it depends on only one type of proof for verifying a user's identity. |
| CWE-309 | Use of Password System for Primary Authentication | This weakness occurs when an application relies solely on password-based authentication as its main security gate. This single-factor approach is inherently vulnerable to a range of attacks that can compromise user accounts. |
| CWE-603 | Use of Client-Side Authentication | This vulnerability occurs when an application places its authentication logic solely within the client-side code, such as in a mobile app or web browser, without enforcing the same checks on the server. Attackers can bypass authentication by modifying the client to skip these checks entirely. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.