Read Time:38 Second

Description

The software implements an authentication technique, but it skips a step that weakens the technique.

Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-287
CWE-573

 

Consequences

Access Control, Integrity, Confidentiality: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands

This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.

 

Potential Mitigations

CVE References

  • CVE-2004-2163
    • Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.