Category: SFP Secondary Cluster: Faulty Endpoint Authentication
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Faulty Endpoint Authentication cluster (SFP29).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-293 | Using Referer Field for Authentication | This vulnerability occurs when a web application uses the HTTP Referer header as a sole or primary method for authentication or authorization decisions. Since this header is entirely controlled by the user's browser or client and can be easily forged, it provides no reliable security. |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data | This vulnerability occurs when an authentication system incorrectly treats certain data as unchangeable, when in fact an attacker can manipulate it to bypass login or verification checks. |
| CWE-345 | Insufficient Verification of Data Authenticity | This vulnerability occurs when an application fails to properly check where data comes from or confirm its legitimacy, allowing untrusted or forged information to be processed as valid. |
| CWE-346 | Origin Validation Error | This vulnerability occurs when an application fails to properly confirm the true origin of incoming data or communication, allowing attackers to spoof their source. |
| CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | This vulnerability occurs when an application uses a reverse DNS lookup on an IP address to get a hostname and then uses that hostname for a security decision—like access control or logging—without verifying that the IP address actually belongs to that hostname. |
| CWE-360 | Trust of System Event Data | This vulnerability occurs when software blindly trusts system event data without verifying its source, allowing attackers to spoof events and manipulate application behavior. |
| CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | This vulnerability occurs when a web server checks access permissions before fully processing and normalizing a URL, potentially allowing attackers to bypass security controls. |
| CWE-565 | Reliance on Cookies without Validation and Integrity Checking | This vulnerability occurs when an application uses cookies to make security decisions—like granting access or changing settings—but fails to verify that the cookie data is legitimate, unaltered, and belongs to the current user. |
| CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | This vulnerability occurs when an application's authorization logic relies on specific URL paths but fails to enforce a single, standardized format. Attackers can bypass access controls by using alternative, equivalent URL formats that the system doesn't recognize as the same protected resource. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.