CWE CATEGORY: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
Category ID: 1353
Vulnerability Mapping: Prohibited
Status: Incomplete
▼Summary

Weaknesses in this category are related to the A07 category "Identification and Authentication Failures" in the OWASP Top Ten 2021.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 1344 | Weaknesses in OWASP Top Ten (2021) |
| HasMember | Allowed | Variant | 259 | Use of Hard-coded Password |
| HasMember | Discouraged | Class | 287 | Improper Authentication |
| HasMember | Allowed | Base | 288 | Authentication Bypass Using an Alternate Path or Channel |
| HasMember | Allowed | Base | 290 | Authentication Bypass by Spoofing |
| HasMember | Allowed | Base | 294 | Authentication Bypass by Capture-replay |
| HasMember | Allowed | Base | 295 | Improper Certificate Validation |
| HasMember | Allowed | Variant | 297 | Improper Validation of Certificate with Host Mismatch |
| HasMember | Discouraged | Class | 300 | Channel Accessible by Non-Endpoint |
| HasMember | Allowed | Base | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Allowed | Base | 304 | Missing Critical Step in Authentication |
| HasMember | Allowed | Base | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed | Base | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Allowed-with-Review | Class | 346 | Origin Validation Error |
| HasMember | Allowed | Compound | 384 | Session Fixation |
| HasMember | Allowed | Base | 521 | Weak Password Requirements |
| HasMember | Allowed | Base | 613 | Insufficient Session Expiration |
| HasMember | Allowed | Base | 620 | Unverified Password Change |
| HasMember | Allowed-with-Review | Base | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| HasMember | Allowed | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Allowed | Base | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Prohibited | Category | 1216 | Lockout Mechanism Errors |
| HasMember | Prohibited | Category | 255 | Credentials Management Errors |
▼Vulnerability Mapping Notes
Usage: Prohibited
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼Notes
Maintenance

As of CWE 4.6, the relationships in this category were pulled directly from the CWE mappings cited in the 2021 OWASP Top Ten. These mappings include categories, which are discouraged for mapping, as well as high-level weaknesses. The CWE Program will work with OWASP to improve these mappings, possibly requiring modifications to CWE itself.

▼References
Reference ID: REF-1206
Title: OWASP Top 10:2021
Version: v4.15
Publisher: OWASP
URL: https://owasp.org/Top10/
Date: 2021-09-24

Reference ID: REF-1213
Title: A07:2021 - Identification and Authentication Failures
Version: v4.15
Publisher: OWASP
URL: https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
Date: 2021-09-24