CWE-302
Authentication Bypass by Assumed-Immutable Data
Description
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Consequences
Access Control
—
Bypass Protection Mechanism
Mitigations
Phase: Architecture and Design, Operation, Implementation
Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)