CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-303: Incorrect Implementation of Authentication Algorithm

 
Incorrect Implementation of Authentication Algorithm
Weakness ID: 303 (Weakness Base)Status: Draft
+ Description

Description Summary

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Extended Description

This incorrect implementation may allow authentication to be bypassed.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect

Technical Impact: Bypass protection mechanism

+ Observed Examples
ReferenceDescription
Conditional should have been an 'or' not an 'and'.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class287Improper Authentication
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory898SFP Cluster: Authentication
Software Fault Pattern (SFP) Clusters (primary)888
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERAuthentication Logic Error
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01CigitalExternal
updated Time_of_Introduction
2008-09-08MITREInternal
updated Relationships, Taxonomy_Mappings
2008-10-14MITREInternal
updated Description
2009-05-27MITREInternal
updated Description, Name
2011-06-01MITREInternal
updated Common_Consequences
2012-05-11MITREInternal
updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Authentication Logic Error
2009-05-27Improper Implementation of Authentication Algorithm
Page Last Updated: June 23, 2014