Class · Draft · Top 25 #14

CWE-287: Improper Authentication

Category: auth

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Common consequences · 1

  • Integrity / Confidentiality / Availability / Access Control: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
    This weakness can expose resources or functionality to unintended actors, possibly giving attackers access to sensitive information or even the ability to execute arbitrary code.

Potential mitigations · 1

  • [Architecture and Design] Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

Related CAPEC attack patterns · 10

CAPEC-114, CAPEC-115, CAPEC-151, CAPEC-194, CAPEC-22, CAPEC-57, CAPEC-593, CAPEC-633, CAPEC-650, CAPEC-94

References

  1. https://cwe.mitre.org/data/definitions/287.html

Exploits (incoming) · 9

Type          | Target                                                                     | Confidence | Tier
AttackPattern | Upload a Web Shell to a Web Server (capec-650)                             | 100%       | live
AttackPattern | Authentication Abuse (capec-114)                                           | 100%       | live
AttackPattern | Utilizing REST's Trust in the System Resource to Obtain Sensitive Data (capec-57) | 100% | live
AttackPattern | Exploiting Trust in Client (capec-22)                                      | 100%       | live
AttackPattern | Fake the Source of Data (capec-194)                                        | 100%       | live
AttackPattern | Session Hijacking (capec-593)                                              | 100%       | live
AttackPattern | Authentication Bypass (capec-115)                                          | 100%       | live
AttackPattern | Adversary in the Middle (AiTM) (capec-94)                                  | 100%       | live
AttackPattern | Token Impersonation (capec-633)                                            | 100%       | live

Compliance frameworks addressing this (incoming) · 32

Type              | Target                | Confidence | Tier
ComplianceControl | nist_csf-rs           | 100%       | live
ComplianceControl | iso27001-a.8.21       | 100%       | live
ComplianceControl | iso27001-a.8.29       | 100%       | live
ComplianceControl | dora-art24            | 100%       | live
ComplianceControl | owasp_top10-a07       | 100%       | live
ComplianceControl | dora-art17            | 100%       | live
ComplianceControl | iso27701-a.7.3.6      | 100%       | live
ComplianceControl | cis_v8-18             | 100%       | live
ComplianceControl | iso27001-a.8.26       | 100%       | live
ComplianceControl | nis2-art21e           | 100%       | live
ComplianceControl | cis_v8-13             | 100%       | live
ComplianceControl | pci_dss_v4-r6         | 100%       | live
ComplianceControl | owasp_api_top10-api10 | 100%       | live
ComplianceControl | iso27001-a.8.5        | 100%       | live
ComplianceControl | pci_dss_v4-r9         | 100%       | live
ComplianceControl | iso27701-a.7.3.1      | 100%       | live
ComplianceControl | iso27001-a.5.23       | 100%       | live
ComplianceControl | tiber_eu-closure      | 100%       | live
ComplianceControl | dora-art6             | 100%       | live
ComplianceControl | cra-art14             | 100%       | live
ComplianceControl | cis_v8-16             | 100%       | live
ComplianceControl | pci_dss_v4-r8         | 100%       | live
ComplianceControl | iso27701-a.7.5.1      | 100%       | live
ComplianceControl | pci_dss_v4-r4         | 100%       | live
ComplianceControl | nis2-art21i           | 100%       | live
ComplianceControl | dora-art25            | 100%       | live
ComplianceControl | nis2-art21b           | 100%       | live
ComplianceControl | pci_dss_v4-r11        | 100%       | live
ComplianceControl | tiber_eu-testing      | 100%       | live
ComplianceControl | dora-art11            | 100%       | live

Showing top 30 of 32 by confidence.

Vulnerabilities (incoming) · 109

Type          | Target                          | Confidence | Tier
Vulnerability | CVE-2025-0070 (cve-2025-0070)   | 0%         | live
Vulnerability | CVE-2025-0637 (cve-2025-0637)   | 0%         | live
Vulnerability | CVE-2025-0890 (cve-2025-0890)   | 0%         | live
Vulnerability | CVE-2025-10293 (cve-2025-10293) | 0%         | live
Vulnerability | CVE-2025-1044 (cve-2025-1044)   | 0%         | live
Vulnerability | CVE-2025-10906 (cve-2025-10906) | 0%         | live
Vulnerability | CVE-2025-1104 (cve-2025-1104)   | 0%         | live
Vulnerability | CVE-2025-11130 (cve-2025-11130) | 0%         | live
Vulnerability | CVE-2025-11192 (cve-2025-11192) | 0%         | live
Vulnerability | CVE-2025-11287 (cve-2025-11287) | 0%         | live
Vulnerability | CVE-2025-11529 (cve-2025-11529) | 0%         | live
Vulnerability | CVE-2025-11625 (cve-2025-11625) | 0%         | live
Vulnerability | CVE-2025-11661 (cve-2025-11661) | 0%         | live
Vulnerability | CVE-2025-11942 (cve-2025-11942) | 0%         | live
Vulnerability | CVE-2025-12374 (cve-2025-12374) | 0%         | live
Vulnerability | CVE-2025-14002 (cve-2025-14002) | 0%         | live
Vulnerability | CVE-2025-1475 (cve-2025-1475)   | 0%         | live
Vulnerability | CVE-2025-14908 (cve-2025-14908) | 0%         | live
Vulnerability | CVE-2025-14942 (cve-2025-14942) | 0%         | live
Vulnerability | CVE-2025-15069 (cve-2025-15069) | 0%         | live
Vulnerability | CVE-2025-15099 (cve-2025-15099) | 0%         | live
Vulnerability | CVE-2025-15457 (cve-2025-15457) | 0%         | live
Vulnerability | CVE-2025-15458 (cve-2025-15458) | 0%         | live
Vulnerability | CVE-2025-15484 (cve-2025-15484) | 0%         | live
Vulnerability | CVE-2025-1723 (cve-2025-1723)   | 0%         | live
Vulnerability | CVE-2025-20160 (cve-2025-20160) | 0%         | live
Vulnerability | CVE-2025-21450 (cve-2025-21450) | 0%         | live
Vulnerability | CVE-2025-22146 (cve-2025-22146) | 0%         | live
Vulnerability | CVE-2025-22236 (cve-2025-22236) | 0%         | live
Vulnerability | CVE-2025-22477 (cve-2025-22477) | 0%         | live

Showing top 30 of 109 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Weak Authentication
  • CWE: Improper Authorization
  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Incorrect Implementation of Authentication Algorithm
  • CWE: Incorrect Authorization
  • CWE: Improper Certificate Validation

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.