CWE-289

Overview
  • CWE ID
  • 289
  • CWE Name
  • Authentication Bypass by Alternate Name
  • CWE Abstraction
  • Variant
  • CWE structure
  • Simple
  • CWE Status
  • Incomplete
Description
The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
Extended Description
Related CWEs
CWE ID View ID Nature Ordinal
1390 1000 ChildOf Primary