CWE-306 (Missing Authentication for Critical Function)

GPTKB entity

Statements (21)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:category Security Weakness
gptkbp:consequence Unauthorized access
gptkbp:consequence Privilege escalation
gptkbp:consequence Data loss
gptkbp:describes A critical function is accessible without authentication.
gptkbp:externalLink https://cwe.mitre.org/data/definitions/306.html
gptkbp:foundIn APIs
gptkbp:foundIn Web applications
gptkbp:foundIn Mobile applications
gptkbp:hasVersion CWE 4.12
https://www.w3.org/2000/01/rdf-schema#label CWE-306 (Missing Authentication for Critical Function)
gptkbp:mitigatedBy Require authentication for all critical functions
gptkbp:name Missing Authentication for Critical Function
gptkbp:relatedTo gptkb:CWE-287_(Improper_Authentication)
gptkbp:relatedTo gptkb:CWE-862_(Missing_Authorization)
gptkbp:status Draft
gptkbp:vulnerableTo gptkb:CWE-306
gptkbp:weakness gptkb:Base
gptkbp:bfsParent gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer 7