Statements (38)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-23
|
| gptkbp:associated_with |
gptkb:CWE-200
gptkb:CWE-22 |
| gptkbp:category |
Access Control Issues
|
| gptkbp:consequences |
Data breaches, unauthorized actions.
|
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
A web application that allows users to perform administrative actions without logging in.
|
| gptkbp:has_weakness |
gptkb:CWE-200
gptkb:CWE-22 gptkb:CWE-601 gptkb:CWE-703 gptkb:CWE-284 gptkb:CWE-306 gptkb:CWE-352 gptkb:CWE-77 gptkb:CWE-918 gptkb:CWE-89 gptkb:CWE-20 CWE-287 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-306
|
| gptkbp:impact |
Unauthorized access to critical functions.
|
| gptkbp:is_described_as |
The software does not perform any authentication for a critical function.
|
| gptkbp:is_protected_by |
Implement role-based access control.
Use multi-factor authentication. Require user authentication before accessing sensitive functions. Implement authentication checks for all critical functions. |
| gptkbp:is_referenced_in |
https://cwe.mitre.org/data/definitions/306.html
|
| gptkbp:is_vulnerable_to |
Web applications
Mobile applications AP Is |
| gptkbp:name |
Missing Authentication for Critical Function
|
| gptkbp:related_to |
gptkb:CWE-284
CWE-287 |
| gptkbp:sustainability_initiatives |
Conduct security reviews and audits.
Educate developers on authentication mechanisms. Use secure coding practices. |