CWE-302: Authentication Bypass by Assumed-Immutable Data
ID: CWE-302
Abstraction: Base
Structure: Simple
Status: Incomplete
Number of CVEs: 12
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org
ID | Name | Weaknesses |
---|---|---|
CAPEC-10 | Buffer Overflow via Environment Variables | CWE-302 |
CAPEC-13 | Subverting Environment Variable Values | CWE-302 |
CAPEC-21 | Exploitation of Trusted Identifiers | CWE-302 |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies | CWE-302 |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens | CWE-302 |
CAPEC-45 | Buffer Overflow via Symbolic Links | CWE-302 |
CAPEC-77 | Manipulating User-Controlled Variables | CWE-302 |
CAPEC-274 | HTTP Verb Tampering | CWE-302 |