CWE-304
Overview
- CWE ID
- 304
- CWE Name
- Missing Critical Step in Authentication
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Draft
Description
The software implements an authentication technique, but it skips a step that weakens the technique.
Extended Description
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.