Missing Authentication for Critical Function [CWE-306] — The Hacktivists

1. Description
………………………………

This weakness describes a case where software does not verify a user's identity before allowing access to privileged application functionality.
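
As an added illustration (not code from the original post), the Python sketch below places a dispatcher with this weakness beside a default-deny version that authenticates before running any non-public function. The route table, token store and handler names are hypothetical, and the sample data is constructed.

```python
import hmac

# Constructed sample data: one session token for a hypothetical admin API.
SESSIONS = {"s3cr3t-token-alice": "alice"}

def authenticate(headers):
    """Return the user for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    for known, user in SESSIONS.items():
        # Constant-time comparison of the presented token.
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None

def health(user):
    return "ok"

def reset_password(user, target):
    return f"password reset for {target} by {user}"

# Hypothetical route table. Routes are private unless marked public (default deny).
ROUTES = {
    "/health": {"handler": health, "public": True},
    "/admin/reset-password": {"handler": reset_password},
}

def dispatch_vulnerable(path, headers, *args):
    """CWE-306: the critical function runs with no identity check."""
    return 200, ROUTES[path]["handler"]("anonymous", *args)

def dispatch_hardened(path, headers, *args):
    """Authenticate before dispatch; only routes marked public skip it."""
    route = ROUTES.get(path)
    if route is None:
        return 404, "not found"
    user = authenticate(headers)
    if user is None and not route.get("public", False):
        return 401, "authentication required"
    return 200, route["handler"](user, *args)
```

Because the hardened dispatcher treats every route as private unless it is explicitly marked public, a newly added critical function is protected even if its author forgets to think about authentication.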

2. Potential impact
………………………………

Depending on the exposed functionality and the application's capabilities, the impact of this vulnerability can vary from information disclosure to complete application compromise.

3. Attack patterns
………………………………

The following CAPEC patterns are related to this weakness:

4. Affected software
………………………………

Missing authentication for a critical function is a language-independent issue that can appear in any multiuser environment.
