CWE-287 (Improper Authentication)
GPTKB entity
Statements (27)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:category |
Security Weakness
|
| gptkbp:consequence |
Unauthorized access
Privilege escalation Data exposure |
| gptkbp:describedBy |
gptkb:MITRE_CWE
|
| gptkbp:describes |
When an application does not properly verify the identity of a user, process, or device before granting access to sensitive resources.
|
| gptkbp:example |
Accepting default or blank passwords
Not validating authentication tokens Allowing access to a system without verifying a password |
| gptkbp:foundIn |
APIs
Network services Web applications |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-287 (Improper Authentication)
|
| gptkbp:maintainedBy |
gptkb:MITRE
|
| gptkbp:name |
Improper Authentication
|
| gptkbp:parent |
CWE-284 (Access Control)
|
| gptkbp:prevention |
Implement strong authentication mechanisms
Use multi-factor authentication Validate credentials properly |
| gptkbp:relatedTo |
CWE-285 (Improper Authorization)
CWE-384 (Session Fixation) CWE-863 (Incorrect Authorization) |
| gptkbp:status |
Active
|
| gptkbp:vulnerableTo |
gptkb:CWE-287
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|