Description
The software implements an authentication technique, but it skips a step, and that omission weakens the technique.
Authentication techniques should follow the algorithms that define them exactly; otherwise, authentication can be bypassed or subjected more easily to brute force attacks.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control, Integrity, Confidentiality: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.
Potential Mitigations
CVE References
- CVE-2004-2163: Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.
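The CVE above is a concrete instance of the description: RFC 2865 requires a RADIUS client to recompute the Response Authenticator, MD5(Code + ID + Length + RequestAuth + Attributes + Secret), over every reply and compare it against the value the server sent; a client that skips that step accepts any packet whose Code field says Access-Accept. The following is an added example, not code from the original page or from any RADIUS implementation, showing a client that skips the check beside one that performs it. The shared secret, request authenticator, identifier and attribute bytes are constructed sample values, and `accept_without_check` / `accept_with_check` are names chosen here for illustration.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes from RFC 2865
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3

# Header is Code(1) + Identifier(1) + Length(2) + Authenticator(16) = 20 bytes
HEADER_LEN = 20


def response_authenticator(code, identifier, attributes, request_auth, secret):
    """RFC 2865 section 3 Response Authenticator:
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = HEADER_LEN + len(attributes)
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, identifier, attributes, request_auth, secret):
    """What a server holding the shared secret sends back for a request."""
    auth = response_authenticator(code, identifier, attributes, request_auth, secret)
    length = HEADER_LEN + len(attributes)
    return struct.pack("!BBH", code, identifier, length) + auth + attributes


def parse_response(packet):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    return code, identifier, length, packet[4:HEADER_LEN], packet[HEADER_LEN:length]


def accept_without_check(packet):
    """Weak client (the CWE pattern): trusts the Code field and never verifies
    that the reply was produced with the shared secret."""
    code, *_ = parse_response(packet)
    return code == ACCESS_ACCEPT


def accept_with_check(packet, expected_id, request_auth, secret):
    """Correct client: the reply must match the outstanding request's Identifier,
    carry a consistent Length, and pass the Response Authenticator check before
    the Code field is trusted."""
    if len(packet) < HEADER_LEN:
        return False
    code, identifier, length, auth, attributes = parse_response(packet)
    if identifier != expected_id or length != len(packet):
        return False
    expected = response_authenticator(code, identifier, attributes, request_auth, secret)
    # Constant-time comparison so the check itself leaks nothing about the digest
    if not hmac.compare_digest(auth, expected):
        return False
    return code == ACCESS_ACCEPT


def demo():
    """Run both clients over a genuine reply and over a reply whose authenticator
    was not computed with the secret. All values are constructed for this example."""
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))  # a real client uses os.urandom(16) per request
    ident = 7
    msg = b"welcome"
    attributes = bytes([18, 2 + len(msg)]) + msg  # Reply-Message attribute (type 18)

    genuine = build_response(ACCESS_ACCEPT, ident, attributes, request_auth, secret)
    # A reply with a zeroed authenticator: nobody without the secret can do better
    unauthenticated = (
        struct.pack("!BBH", ACCESS_ACCEPT, ident, HEADER_LEN + len(attributes))
        + bytes(16)
        + attributes
    )
    return {
        "genuine_weak": accept_without_check(genuine),
        "genuine_strict": accept_with_check(genuine, ident, request_auth, secret),
        "unauth_weak": accept_without_check(unauthenticated),
        "unauth_strict": accept_with_check(unauthenticated, ident, request_auth, secret),
        "wrong_secret_strict": accept_with_check(genuine, ident, request_auth, b"other"),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'ACCEPT' if accepted else 'reject'}")
```

The weak client accepts both replies; the strict client accepts only the one whose authenticator was computed with the shared secret over the exact bytes of this reply, and rejects a reply validated against a different secret. Checking the Identifier against the outstanding request and the Length field against the actual packet size closes the remaining gaps a Code-only check leaves open.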