Authenticate Actors

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all ...

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it t...

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

The product modifies the SSL context after connection creation has begun.

Using an empty string as a password is insecure.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute fo...

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

The product performs a key exchange with an actor without verifying the identity of that actor.

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

The product implements an authentication technique, but it skips a step that weakens the technique.

The product does not have a mechanism in place for managing password aging.

The product supports password aging, but the expiration period is too long.

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

The product uses an IP address for authentication.

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client tha...

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter...

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking at...

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be ma...