CWE-303

Base Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Draft MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Incorrect Implementation of Authentication Algorithm

Description

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

This incorrect implementation may allow authentication to be bypassed.

Top Monitored CVEs

Consequences

Access Control — Bypass Protection Mechanism