BaseDraft

CWE-304Missing Critical Step in Authentication

Category: auth

Description

The product implements an authentication technique, but it skips a step that weakens the technique. Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Common consequences· 1

  • Access Control / Integrity / Confidentiality — Bypass Protection Mechanism, Gain Privileges or Assume Identity, Read Application Data, Execute Unauthorized Code or Commands
    This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.

References

  1. https://cwe.mitre.org/data/definitions/304.html

(incoming)4

TypeTargetConfidenceTier
VulnerabilityCVE-2025-24322cve-2025-243220%live
VulnerabilityCVE-2026-30831cve-2026-308310%live
VulnerabilityCVE-2026-42452cve-2026-424520%live
VulnerabilityCVE-2026-44547cve-2026-445470%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Missing Cryptographic Step
CWE
Improperly Implemented Security Check for Standard
CWE
Incorrect Implementation of Authentication Algorithm
CWE
Weak Authentication
CWE
Inadequate Encryption Strength
CWE
Use of Single-factor Authentication
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.