CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.8)

CWE-724: OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management

 
Category ID: 724 (Category)
Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to | View ID |
|---|---|---|---|---|---|
| ParentOf | Category | 255 | Credentials Management | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 259 | Use of Hard-coded Password | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Class | 287 | Improper Authentication | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 296 | Improper Following of a Certificate's Chain of Trust | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Variant | 298 | Improper Validation of Certificate Expiration | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Variant | 302 | Authentication Bypass by Assumed-Immutable Data | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 307 | Improper Restriction of Excessive Authentication Attempts | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 309 | Use of Password System for Primary Authentication | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Compound Element: Composite | 384 | Session Fixation | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 521 | Weak Password Requirements | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 522 | Insufficiently Protected Credentials | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Variant | 525 | Information Exposure Through Browser Caching | Weaknesses in OWASP Top Ten (2004) | 711 |
| ParentOf | Weakness Class | 592 | Authentication Bypass Issues | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 613 | Insufficient Session Expiration | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Variant | 620 | Unverified Password Change | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 640 | Weak Password Recovery Mechanism for Forgotten Password | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| ParentOf | Weakness Base | 798 | Use of Hard-coded Credentials | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |
| MemberOf | View | 711 | Weaknesses in OWASP Top Ten (2004) | Weaknesses in OWASP Top Ten (2004) (primary) | 711 |

References
OWASP. "A3 Broken Authentication and Session Management". 2007. <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827>.

Content History

Submissions

| Submission Date | Submitter | Organization | Source | Comment |
|---|---|---|---|---|
| 2008-08-15 | | Veracode | External Submission | Suggested creation of view and provided mappings |

Modifications

| Modification Date | Modifier | Organization | Source | Comment |
|---|---|---|---|---|
| 2009-03-10 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns, Relationships |
| 2010-02-16 | CWE Content Team | MITRE | Internal | updated Relationships |

Page Last Updated: July 30, 2014