Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:Comprehensive Categorization: Access Control
Category ID:1396
Vulnerability Mapping:Prohibited
Status:Incomplete
DetailsContent HistoryObserved CVE ExamplesReports
▼Summary

Weaknesses in this category are related to access control.

▼Membership
NatureMappingTypeIDName
MemberOfProhibitedV1400Comprehensive Categorization for Software Assurance Trends
HasMemberAllowedV1004Sensitive Cookie Without 'HttpOnly' Flag
HasMemberAllowedB1021Improper Restriction of Rendered UI Layers or Frames
HasMemberAllowedV1022Use of Web Link to Untrusted Target with window.opener Access
HasMemberAllowedB1191On-Chip Debug and Test Interface With Improper Access Control
HasMemberAllowedB1220Insufficient Granularity of Access Control
HasMemberAllowedV1222Insufficient Granularity of Address Regions Protected by Register Locks
HasMemberAllowedB1224Improper Restriction of Write-Once Bit Fields
HasMemberAllowedB1230Exposure of Sensitive Information Through Metadata
HasMemberAllowedB1231Improper Prevention of Lock Bit Modification
HasMemberAllowedB1233Security-Sensitive Hardware Controls with Missing Lock Bit Protection
HasMemberAllowedB1242Inclusion of Undocumented Features or Chicken Bits
HasMemberAllowedB1243Sensitive Non-Volatile Information Not Protected During Debug
HasMemberAllowedB1244Internal Asset Exposed to Unsafe Debug Access Level or State
HasMemberAllowedB1252CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
HasMemberAllowedB1256Improper Restriction of Software Interfaces to Hardware Features
HasMemberAllowedB1257Improper Access Control Applied to Mirrored or Aliased Memory Regions
HasMemberAllowedB1259Improper Restriction of Security Token Assignment
HasMemberAllowedB1260Improper Handling of Overlap Between Protected Memory Ranges
HasMemberAllowedB1262Improper Access Control for Register Interface
HasMemberAllowed-with-ReviewC1263Improper Physical Access Control
HasMemberAllowedB1267Policy Uses Obsolete Encoding
HasMemberAllowedB1268Policy Privileges are not Assigned Consistently Between Control and Data Agents
HasMemberAllowedB1270Generation of Incorrect Security Tokens
HasMemberAllowedB1274Improper Access Control for Volatile Memory Containing Boot Code
HasMemberAllowedV1275Sensitive Cookie with Improper SameSite Attribute
HasMemberAllowedB1276Hardware Child Block Incorrectly Connected to Parent System
HasMemberAllowedB1283Mutable Attestation or Measurement Reporting Data
HasMemberAllowedB1290Incorrect Decoding of Security Identifiers
HasMemberAllowedB1292Incorrect Conversion of Security Identifiers
HasMemberAllowed-with-ReviewC1294Insecure Security Identifier Mechanism
HasMemberAllowedB1296Incorrect Chaining or Granularity of Debug Components
HasMemberAllowedB1297Unprotected Confidential Information on Device is Accessible by OSAT Vendors
HasMemberAllowedB1299Missing Protection Mechanism for Alternate Hardware Interface
HasMemberAllowedV13ASP.NET Misconfiguration: Password in Configuration File
HasMemberAllowedB1302Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
HasMemberAllowedB1304Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
HasMemberAllowedB1311Improper Translation of Security Attributes by Fabric Bridge
HasMemberAllowedB1312Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
HasMemberAllowedB1313Hardware Allows Activation of Test or Debug Logic at Runtime
HasMemberAllowedB1314Missing Write Protection for Parametric Data Values
HasMemberAllowedB1315Improper Setting of Bus Controlling Capability in Fabric End-point
HasMemberAllowedB1316Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
HasMemberAllowedB1317Improper Access Control in Fabric Bridge
HasMemberAllowedB1320Improper Protection for Outbound Error Messages and Alert Signals
HasMemberAllowedB1323Improper Management of Sensitive Trace Data
HasMemberAllowedB1328Security Version Number Mutable to Older Versions
HasMemberAllowedB1334Unauthorized Error Injection Can Degrade Hardware Redundancy
HasMemberAllowed-with-ReviewC1390Weak Authentication
HasMemberAllowed-with-ReviewC1391Use of Weak Credentials
HasMemberAllowedB1392Use of Default Credentials
HasMemberAllowedB1393Use of Default Password
HasMemberAllowedB1394Use of Default Cryptographic Key
HasMemberAllowedB202Exposure of Sensitive Information Through Data Queries
HasMemberAllowedB256Plaintext Storage of a Password
HasMemberAllowedB257Storing Passwords in a Recoverable Format
HasMemberAllowedV258Empty Password in Configuration File
HasMemberAllowedV259Use of Hard-coded Password
HasMemberAllowedB260Password in Configuration File
HasMemberAllowedB261Weak Encoding for Password
HasMemberAllowedB262Not Using Password Aging
HasMemberAllowedB263Password Aging with Long Expiration
HasMemberAllowedB266Incorrect Privilege Assignment
HasMemberAllowedB267Privilege Defined With Unsafe Actions
HasMemberAllowedB268Privilege Chaining
HasMemberDiscouragedC269Improper Privilege Management
HasMemberAllowedB270Privilege Context Switching Error
HasMemberAllowed-with-ReviewC271Privilege Dropping / Lowering Errors
HasMemberAllowedB272Least Privilege Violation
HasMemberAllowedB273Improper Check for Dropped Privileges
HasMemberDiscouragedB274Improper Handling of Insufficient Privileges
HasMemberAllowedB276Incorrect Default Permissions
HasMemberAllowedV277Insecure Inherited Permissions
HasMemberAllowedV278Insecure Preserved Inherited Permissions
HasMemberAllowedV279Incorrect Execution-Assigned Permissions
HasMemberAllowedB280Improper Handling of Insufficient Permissions or Privileges
HasMemberAllowedB281Improper Preservation of Permissions
HasMemberAllowed-with-ReviewC282Improper Ownership Management
HasMemberAllowedB283Unverified Ownership
HasMemberDiscouragedP284Improper Access Control
HasMemberAllowedB301Reflection Attack in an Authentication Protocol
HasMemberDiscouragedC285Improper Authorization
HasMemberAllowed-with-ReviewC286Incorrect User Management
HasMemberDiscouragedC287Improper Authentication
HasMemberAllowedB288Authentication Bypass Using an Alternate Path or Channel
HasMemberAllowedB289Authentication Bypass by Alternate Name
HasMemberAllowedB290Authentication Bypass by Spoofing
HasMemberAllowedV291Reliance on IP Address for Authentication
HasMemberAllowedV293Using Referer Field for Authentication
HasMemberAllowedB294Authentication Bypass by Capture-replay
HasMemberAllowedB295Improper Certificate Validation
HasMemberAllowedB296Improper Following of a Certificate's Chain of Trust
HasMemberAllowedV297Improper Validation of Certificate with Host Mismatch
HasMemberAllowedV298Improper Validation of Certificate Expiration
HasMemberAllowedB299Improper Check for Certificate Revocation
HasMemberDiscouragedC300Channel Accessible by Non-Endpoint
HasMemberAllowedB302Authentication Bypass by Assumed-Immutable Data
HasMemberAllowedB303Incorrect Implementation of Authentication Algorithm
HasMemberAllowedB304Missing Critical Step in Authentication
HasMemberAllowedB305Authentication Bypass by Primary Weakness
HasMemberAllowedB306Missing Authentication for Critical Function
HasMemberAllowedB307Improper Restriction of Excessive Authentication Attempts
HasMemberAllowedB308Use of Single-factor Authentication
HasMemberAllowedB309Use of Password System for Primary Authentication
HasMemberAllowedV321Use of Hard-coded Cryptographic Key
HasMemberAllowedB322Key Exchange without Entity Authentication
HasMemberAllowedV350Reliance on Reverse DNS Resolution for a Security-Critical Action
HasMemberAllowedV370Missing Check for Certificate Revocation after Initial Check
HasMemberAllowedC384Session Fixation
HasMemberAllowedB419Unprotected Primary Channel
HasMemberAllowedB420Unprotected Alternate Channel
HasMemberAllowedB421Race Condition During Access to Alternate Channel
HasMemberAllowedV422Unprotected Windows Messaging Channel ('Shatter')
HasMemberAllowedB425Direct Request ('Forced Browsing')
HasMemberAllowed-with-ReviewC441Unintended Proxy or Intermediary ('Confused Deputy')
HasMemberAllowedV520.NET Misconfiguration: Use of Impersonation
HasMemberAllowedB521Weak Password Requirements
HasMemberAllowed-with-ReviewC522Insufficiently Protected Credentials
HasMemberAllowedB523Unprotected Transport of Credentials
HasMemberAllowedB549Missing Password Field Masking
HasMemberAllowedB551Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
HasMemberAllowedV555J2EE Misconfiguration: Plaintext Password in Configuration File
HasMemberAllowedV556ASP.NET Misconfiguration: Use of Identity Impersonation
HasMemberAllowedV566Authorization Bypass Through User-Controlled SQL Primary Key
HasMemberAllowedV593Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
HasMemberAllowedV599Missing Validation of OpenSSL Certificate
HasMemberAllowedB601URL Redirection to Untrusted Site ('Open Redirect')
HasMemberAllowedB603Use of Client-Side Authentication
HasMemberAllowedB611Improper Restriction of XML External Entity Reference
HasMemberAllowedB612Improper Authorization of Index Containing Sensitive Information
HasMemberAllowedB613Insufficient Session Expiration
HasMemberAllowedB620Unverified Password Change
HasMemberAllowedV623Unsafe ActiveX Control Marked Safe For Scripting
HasMemberAllowedB639Authorization Bypass Through User-Controlled Key
HasMemberAllowed-with-ReviewB640Weak Password Recovery Mechanism for Forgotten Password
HasMemberAllowedB645Overly Restrictive Account Lockout Mechanism
HasMemberAllowedV647Use of Non-Canonical URL Paths for Authorization Decisions
HasMemberAllowedB648Incorrect Use of Privileged APIs
HasMemberAllowedB708Incorrect Ownership Assignment
HasMemberAllowed-with-ReviewC732Incorrect Permission Assignment for Critical Resource
HasMemberAllowedB798Use of Hard-coded Credentials
HasMemberAllowedB804Guessable CAPTCHA
HasMemberAllowedB836Use of Password Hash Instead of Password for Authentication
HasMemberAllowedB842Placement of User into Incorrect Group
HasMemberAllowed-with-ReviewC862Missing Authorization
HasMemberAllowed-with-ReviewC863Incorrect Authorization
HasMemberAllowedV9J2EE Misconfiguration: Weak Access Permissions for EJB Methods
HasMemberAllowedB918Server-Side Request Forgery (SSRF)
HasMemberAllowedB921Storage of Sensitive Data in a Mechanism without Access Control
HasMemberAllowed-with-ReviewC923Improper Restriction of Communication Channel to Intended Endpoints
HasMemberAllowedV925Improper Verification of Intent by Broadcast Receiver
HasMemberAllowedV926Improper Export of Android Application Components
HasMemberAllowedV927Use of Implicit Intent for Sensitive Communication
HasMemberAllowedB939Improper Authorization in Handler for Custom URL Scheme
HasMemberAllowedB940Improper Verification of Source of a Communication Channel
HasMemberAllowedB941Incorrectly Specified Destination in a Communication Channel
HasMemberAllowedV942Permissive Cross-domain Policy with Untrusted Domains
Nature: MemberOf
Mapping: Prohibited
Type: View
ID: 1400
Name: Comprehensive Categorization for Software Assurance Trends
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1004
Name: Sensitive Cookie Without 'HttpOnly' Flag
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1021
Name: Improper Restriction of Rendered UI Layers or Frames
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1022
Name: Use of Web Link to Untrusted Target with window.opener Access
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1191
Name: On-Chip Debug and Test Interface With Improper Access Control
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1220
Name: Insufficient Granularity of Access Control
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1222
Name: Insufficient Granularity of Address Regions Protected by Register Locks
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1224
Name: Improper Restriction of Write-Once Bit Fields
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1230
Name: Exposure of Sensitive Information Through Metadata
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1231
Name: Improper Prevention of Lock Bit Modification
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1233
Name: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1242
Name: Inclusion of Undocumented Features or Chicken Bits
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1243
Name: Sensitive Non-Volatile Information Not Protected During Debug
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1244
Name: Internal Asset Exposed to Unsafe Debug Access Level or State
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1252
Name: CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1256
Name: Improper Restriction of Software Interfaces to Hardware Features
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1257
Name: Improper Access Control Applied to Mirrored or Aliased Memory Regions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1259
Name: Improper Restriction of Security Token Assignment
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1260
Name: Improper Handling of Overlap Between Protected Memory Ranges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1262
Name: Improper Access Control for Register Interface
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1263
Name: Improper Physical Access Control
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1267
Name: Policy Uses Obsolete Encoding
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1268
Name: Policy Privileges are not Assigned Consistently Between Control and Data Agents
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1270
Name: Generation of Incorrect Security Tokens
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1274
Name: Improper Access Control for Volatile Memory Containing Boot Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1275
Name: Sensitive Cookie with Improper SameSite Attribute
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1276
Name: Hardware Child Block Incorrectly Connected to Parent System
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1283
Name: Mutable Attestation or Measurement Reporting Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1290
Name: Incorrect Decoding of Security Identifiers
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1292
Name: Incorrect Conversion of Security Identifiers
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1294
Name: Insecure Security Identifier Mechanism
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1296
Name: Incorrect Chaining or Granularity of Debug Components
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1297
Name: Unprotected Confidential Information on Device is Accessible by OSAT Vendors
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1299
Name: Missing Protection Mechanism for Alternate Hardware Interface
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 13
Name: ASP.NET Misconfiguration: Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1302
Name: Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1304
Name: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1311
Name: Improper Translation of Security Attributes by Fabric Bridge
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1312
Name: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1313
Name: Hardware Allows Activation of Test or Debug Logic at Runtime
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1314
Name: Missing Write Protection for Parametric Data Values
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1315
Name: Improper Setting of Bus Controlling Capability in Fabric End-point
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1316
Name: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1317
Name: Improper Access Control in Fabric Bridge
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1320
Name: Improper Protection for Outbound Error Messages and Alert Signals
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1323
Name: Improper Management of Sensitive Trace Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1328
Name: Security Version Number Mutable to Older Versions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1334
Name: Unauthorized Error Injection Can Degrade Hardware Redundancy
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1390
Name: Weak Authentication
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 1391
Name: Use of Weak Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1392
Name: Use of Default Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1393
Name: Use of Default Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1394
Name: Use of Default Cryptographic Key
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 202
Name: Exposure of Sensitive Information Through Data Queries
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 256
Name: Plaintext Storage of a Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 257
Name: Storing Passwords in a Recoverable Format
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 258
Name: Empty Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 259
Name: Use of Hard-coded Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 260
Name: Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 261
Name: Weak Encoding for Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 262
Name: Not Using Password Aging
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 263
Name: Password Aging with Long Expiration
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 266
Name: Incorrect Privilege Assignment
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 267
Name: Privilege Defined With Unsafe Actions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 268
Name: Privilege Chaining
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 269
Name: Improper Privilege Management
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 270
Name: Privilege Context Switching Error
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 271
Name: Privilege Dropping / Lowering Errors
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 272
Name: Least Privilege Violation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 273
Name: Improper Check for Dropped Privileges
Nature: HasMember
Mapping: Discouraged
Type: Base
ID: 274
Name: Improper Handling of Insufficient Privileges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 276
Name: Incorrect Default Permissions
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 277
Name: Insecure Inherited Permissions
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 278
Name: Insecure Preserved Inherited Permissions
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 279
Name: Incorrect Execution-Assigned Permissions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 280
Name: Improper Handling of Insufficient Permissions or Privileges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 281
Name: Improper Preservation of Permissions
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 282
Name: Improper Ownership Management
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 283
Name: Unverified Ownership
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 284
Name: Improper Access Control
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 301
Name: Reflection Attack in an Authentication Protocol
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 285
Name: Improper Authorization
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 286
Name: Incorrect User Management
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 287
Name: Improper Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 288
Name: Authentication Bypass Using an Alternate Path or Channel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 289
Name: Authentication Bypass by Alternate Name
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 290
Name: Authentication Bypass by Spoofing
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 291
Name: Reliance on IP Address for Authentication
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 293
Name: Using Referer Field for Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 294
Name: Authentication Bypass by Capture-replay
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 295
Name: Improper Certificate Validation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 296
Name: Improper Following of a Certificate's Chain of Trust
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 297
Name: Improper Validation of Certificate with Host Mismatch
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 298
Name: Improper Validation of Certificate Expiration
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 299
Name: Improper Check for Certificate Revocation
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 300
Name: Channel Accessible by Non-Endpoint
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 302
Name: Authentication Bypass by Assumed-Immutable Data
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 303
Name: Incorrect Implementation of Authentication Algorithm
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 304
Name: Missing Critical Step in Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 305
Name: Authentication Bypass by Primary Weakness
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 306
Name: Missing Authentication for Critical Function
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 307
Name: Improper Restriction of Excessive Authentication Attempts
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 308
Name: Use of Single-factor Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 309
Name: Use of Password System for Primary Authentication
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 321
Name: Use of Hard-coded Cryptographic Key
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 322
Name: Key Exchange without Entity Authentication
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 350
Name: Reliance on Reverse DNS Resolution for a Security-Critical Action
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 370
Name: Missing Check for Certificate Revocation after Initial Check
Nature: HasMember
Mapping: Allowed
Type: Compound
ID: 384
Name: Session Fixation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 419
Name: Unprotected Primary Channel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 420
Name: Unprotected Alternate Channel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 421
Name: Race Condition During Access to Alternate Channel
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 422
Name: Unprotected Windows Messaging Channel ('Shatter')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 425
Name: Direct Request ('Forced Browsing')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 441
Name: Unintended Proxy or Intermediary ('Confused Deputy')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 520
Name: .NET Misconfiguration: Use of Impersonation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 521
Name: Weak Password Requirements
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 522
Name: Insufficiently Protected Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 523
Name: Unprotected Transport of Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 549
Name: Missing Password Field Masking
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 551
Name: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 555
Name: J2EE Misconfiguration: Plaintext Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 556
Name: ASP.NET Misconfiguration: Use of Identity Impersonation
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 566
Name: Authorization Bypass Through User-Controlled SQL Primary Key
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 593
Name: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 599
Name: Missing Validation of OpenSSL Certificate
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 601
Name: URL Redirection to Untrusted Site ('Open Redirect')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 603
Name: Use of Client-Side Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 611
Name: Improper Restriction of XML External Entity Reference
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 612
Name: Improper Authorization of Index Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 613
Name: Insufficient Session Expiration
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 620
Name: Unverified Password Change
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 623
Name: Unsafe ActiveX Control Marked Safe For Scripting
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 639
Name: Authorization Bypass Through User-Controlled Key
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 640
Name: Weak Password Recovery Mechanism for Forgotten Password
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 645
Name: Overly Restrictive Account Lockout Mechanism
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 647
Name: Use of Non-Canonical URL Paths for Authorization Decisions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 648
Name: Incorrect Use of Privileged APIs
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 708
Name: Incorrect Ownership Assignment
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 732
Name: Incorrect Permission Assignment for Critical Resource
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 798
Name: Use of Hard-coded Credentials
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 804
Name: Guessable CAPTCHA
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 836
Name: Use of Password Hash Instead of Password for Authentication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 842
Name: Placement of User into Incorrect Group
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 862
Name: Missing Authorization
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 863
Name: Incorrect Authorization
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 9
Name: J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 918
Name: Server-Side Request Forgery (SSRF)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 921
Name: Storage of Sensitive Data in a Mechanism without Access Control
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 923
Name: Improper Restriction of Communication Channel to Intended Endpoints
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 925
Name: Improper Verification of Intent by Broadcast Receiver
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 926
Name: Improper Export of Android Application Components
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 927
Name: Use of Implicit Intent for Sensitive Communication
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 939
Name: Improper Authorization in Handler for Custom URL Scheme
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 940
Name: Improper Verification of Source of a Communication Channel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 941
Name: Incorrectly Specified Destination in a Communication Channel
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 942
Name: Permissive Cross-domain Policy with Untrusted Domains
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].

Comments:

See member weaknesses of this category.

▼Notes
▼Taxonomy Mappings
Taxonomy NameEntry IDFitEntry Name
▼References
Reference ID: REF-1330
Title: CVE --> CWE Mapping Guidance - Quick Tips
Version: v4.15
Author: MITRE
Publication:
Publisher:
Edition:
URL:https://cwe.mitre.org/documents/cwe_usage/quick_tips.html
URL Date:
Day:25
Month:03
Year:2021
Details not found