CWE-306 (Missing Authentication for Critical Function)
GPTKB entity
Statements (21)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
gptkbp:category |
Security Weakness
|
gptkbp:consequence |
Unauthorized access
Privilege escalation Data loss |
gptkbp:describes |
A critical function is accessible without authentication.
|
gptkbp:externalLink |
https://cwe.mitre.org/data/definitions/306.html
|
gptkbp:foundIn |
APIs
Web applications Mobile applications |
gptkbp:hasVersion |
CWE 4.12
|
https://www.w3.org/2000/01/rdf-schema#label |
CWE-306 (Missing Authentication for Critical Function)
|
gptkbp:mitigatedBy |
Require authentication for all critical functions
|
gptkbp:name |
Missing Authentication for Critical Function
|
gptkbp:relatedTo |
gptkb:CWE-287_(Improper_Authentication)
gptkb:CWE-862_(Missing_Authorization) |
gptkbp:status |
Draft
|
gptkbp:vulnerableTo |
gptkb:CWE-306
|
gptkbp:weakness |
gptkb:Base
|
gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
gptkbp:bfsLayer |
7
|