CWE CATEGORY: OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Category ID: 724
Vulnerability Mapping: Prohibited
Status: Obsolete
▼Summary

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 711 | Weaknesses in OWASP Top Ten (2004) |
| HasMember | Allowed | Variant | 259 | Use of Hard-coded Password |
| HasMember | Discouraged | Class | 287 | Improper Authentication |
| HasMember | Allowed | Base | 296 | Improper Following of a Certificate's Chain of Trust |
| HasMember | Allowed | Variant | 298 | Improper Validation of Certificate Expiration |
| HasMember | Allowed | Base | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Allowed | Base | 304 | Missing Critical Step in Authentication |
| HasMember | Allowed | Base | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Allowed | Base | 309 | Use of Password System for Primary Authentication |
| HasMember | Discouraged | Class | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Allowed | Compound | 384 | Session Fixation |
| HasMember | Allowed | Base | 521 | Weak Password Requirements |
| HasMember | Allowed-with-Review | Class | 522 | Insufficiently Protected Credentials |
| HasMember | Allowed | Variant | 525 | Use of Web Browser Cache Containing Sensitive Information |
| HasMember | Allowed | Base | 613 | Insufficient Session Expiration |
| HasMember | Allowed | Base | 620 | Unverified Password Change |
| HasMember | Allowed-with-Review | Base | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| HasMember | Allowed | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Prohibited | Category | 255 | Credentials Management Errors |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼References
Reference ID: REF-583
Title: A3 Broken Authentication and Session Management
Version: v4.15
Author: OWASP
URL: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827
Year: 2007