CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.7)

CWE-898: SFP Cluster: Authentication

 
Category ID: 898 (Category)
Status: Incomplete
Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Authentication cluster.
Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Variant | 258 | Empty Password in Configuration File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 259 | Use of Hard-coded Password | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 262 | Not Using Password Aging | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 263 | Password Aging with Long Expiration | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 287 | Improper Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 288 | Authentication Bypass Using an Alternate Path or Channel | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 289 | Authentication Bypass by Alternate Name | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 293 | Using Referer Field for Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 296 | Improper Following of a Certificate's Chain of Trust | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 297 | Improper Validation of Certificate with Host Mismatch | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 298 | Improper Validation of Certificate Expiration | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 299 | Improper Check for Certificate Revocation | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 302 | Authentication Bypass by Assumed-Immutable Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 303 | Incorrect Implementation of Authentication Algorithm | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 305 | Authentication Bypass by Primary Weakness | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 306 | Missing Authentication for Critical Function | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 307 | Improper Restriction of Excessive Authentication Attempts | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 308 | Use of Single-factor Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 309 | Use of Password System for Primary Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 321 | Use of Hard-coded Cryptographic Key | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 346 | Origin Validation Error | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 350 | Reliance on Reverse DNS Resolution for a Security-Critical Action | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 360 | Trust of System Event Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 422 | Unprotected Windows Messaging Channel ('Shatter') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 425 | Direct Request ('Forced Browsing') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 521 | Weak Password Requirements | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 547 | Use of Hard-coded, Security-relevant Constants | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 565 | Reliance on Cookies without Validation and Integrity Checking | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 592 | Authentication Bypass Issues | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 599 | Missing Validation of OpenSSL Certificate | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 603 | Use of Client-Side Authentication | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 605 | Multiple Binds to the Same Port | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 613 | Insufficient Session Expiration | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 620 | Unverified Password Change | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 645 | Overly Restrictive Account Lockout Mechanism | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions | Software Fault Pattern (SFP) Clusters (primary) 888 |
| MemberOf | View | 888 | Software Fault Pattern (SFP) Clusters | Software Fault Pattern (SFP) Clusters (primary) 888 |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2012-03-22 | | | Internal CWE Team |

Modifications

| Modification Date | Modifier | Organization | Source |
|---|---|---|---|
| 2013-07-17 | | MITRE | Internal |

2013-07-17: updated Relationships

Page Last Updated: June 23, 2014