CWE

Authentication Bypass Issues

ID: 592		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Class

Description

The software does not properly perform authentication, allowing it to be bypassed through various methods.

Applicable Platforms
None

Time Of Introduction

• Architecture and Design
• Implementation
• Operation

Related Attack Patterns

• CAPEC-115

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Bypass protection mechanism Gain privileges / assume identity

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-592 ChildOf CWE-898	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
OWASP Top Ten 2004	A3	Broken Authentication and Session Management	CWE_More_Specific

References:

1. Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 2, "Untrustworthy Credentials", Page 37.'. Published on 2006.