| CWE-308 |
Use of Single-factor Authentication |
|
|
| CWE-307 |
Improper Restriction of Excessive Authentication Attempts |
|
|
| CWE-306 |
Missing Authentication for Critical Function |
|
|
| CWE-305 |
Authentication Bypass by Primary Weakness |
|
|
| CWE-304 |
Missing Critical Step in Authentication |
|
|
| CWE-303 |
Incorrect Implementation of Authentication Algorithm |
|
|
| CWE-302 |
Authentication Bypass by Assumed-Immutable Data |
|
|
| CWE-301 |
Reflection Attack in an Authentication Protocol |
|
|
| CWE-300 |
Channel Accessible by Non-Endpoint |
|
|
| CWE-30 |
Path Traversal: '\dir\..\filename' |
|
|
| CWE-3 |
DEPRECATED: Technology-specific Environment Issues |
|
|
| CWE-299 |
Improper Check for Certificate Revocation |
|
|
| CWE-298 |
Improper Validation of Certificate Expiration |
|
|
| CWE-297 |
Improper Validation of Certificate with Host Mismatch |
|
|
| CWE-296 |
Improper Following of a Certificate's Chain of Trust |
|
|
| CWE-295 |
Improper Certificate Validation |
|
|
| CWE-294 |
Authentication Bypass by Capture-replay |
|
|
| CWE-293 |
Using Referer Field for Authentication |
|
|
| CWE-292 |
DEPRECATED: Trusting Self-reported DNS Name |
|
|
| CWE-291 |
Reliance on IP Address for Authentication |
|
|
