SFP Secondary Cluster: Authentication Bypass

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all ...

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

The product implements an authentication technique, but it skips a step that weakens the technique.

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client tha...

The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.

The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).