CWE-305 – Authentication Bypass by Primary Weakness
Description: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the...
CWE-304 – Missing Critical Step in Authentication
Description: The software implements an authentication technique, but it skips a step that weakens the technique. Authentication techniques should follow the algorithms that define them...
CWE-303 – Incorrect Implementation of Authentication Algorithm
Description: The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation...
CWE-302 – Authentication Bypass by Assumed-Immutable Data
Description: The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker....
CWE-301 – Reflection Attack in an Authentication Protocol
Description: Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user. Modes of...
CWE-300 – Channel Accessible by Non-Endpoint
Description: The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity...
CWE-30 – Path Traversal: 'dir..filename'
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir..filename' (leading...
CWE-299 – Improper Check for Certificate Revocation
Description: The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has...
CWE-298 – Improper Validation of Certificate Expiration
Description: A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age....
CWE-297 – Improper Validation of Certificate with Host Mismatch
Description: The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with...