BaseDraftTop 25 #25
CWE-306Missing Authentication for Critical Function
Category: auth
Description
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Common consequences· 1
- Access Control / Other — Gain Privileges or Assume Identity, Varies by ContextExposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, accessing administrative or other privileged functionality, or possibly even executing arbitrary code.
Potential mitigations· 5
- [Architecture and Design]
- [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- [Architecture and Design]
- [Architecture and Design]
- [Implementation, System Configuration, Operation]When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302].
Related CAPEC attack patterns· 5
References
Exploits (incoming)4
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Using Unpublished Interfaces or Functionalitycapec-36 | 100% | live |
| AttackPattern | Communication Channel Manipulationcapec-216 | 100% | live |
| AttackPattern | Choosing Message Identifiercapec-12 | 100% | live |
| AttackPattern | Cross Site Request Forgerycapec-62 | 100% | live |
Compliance frameworks addressing this (incoming)34
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | iso27701-a.7.3.1 | 100% | live |
| ComplianceControl | iso27701-a.7.2.1 | 100% | live |
| ComplianceControl | dora-art13 | 100% | live |
| ComplianceControl | iso27001-a.8.2 | 100% | live |
| ComplianceControl | dora-art5 | 100% | live |
| ComplianceControl | nist_csf-id | 100% | live |
| ComplianceControl | owasp_top10-a01 | 100% | live |
| ComplianceControl | dora-art10 | 100% | live |
| ComplianceControl | cis_v8-7 | 100% | live |
| ComplianceControl | nist_csf-rs | 100% | live |
| ComplianceControl | iso27701-a.7.3.6 | 100% | live |
| ComplianceControl | pci_dss_v4-r8 | 100% | live |
| ComplianceControl | tiber_eu-generic | 100% | live |
| ComplianceControl | cis_v8-5 | 100% | live |
| ComplianceControl | pci_dss_v4-r12 | 100% | live |
| ComplianceControl | iso27001-a.8.25 | 100% | live |
| ComplianceControl | owasp_llm_top10-llm08 | 100% | live |
| ComplianceControl | pci_dss_v4-r1 | 100% | live |
| ComplianceControl | dora-art7 | 100% | live |
| ComplianceControl | iso27001-a.8.5 | 100% | live |
| ComplianceControl | owasp_api_top10-api09 | 100% | live |
| ComplianceControl | dora-art11 | 100% | live |
| ComplianceControl | ai_act-art73 | 100% | live |
| ComplianceControl | nist_csf-de | 100% | live |
| ComplianceControl | nis2-art21j | 100% | live |
| ComplianceControl | nist_csf-gv | 100% | live |
| ComplianceControl | pci_dss_v4-r9 | 100% | live |
| ComplianceControl | nis2-art21g | 100% | live |
| ComplianceControl | dora-art9 | 100% | live |
| ComplianceControl | cra-annexi-2 | 100% | live |
Showing top 30 of 34 by confidence. Click any target to see the full neighbourhood.
(incoming)112
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | Palo Alto Networks PAN-OS Authentication Bypass Vulnerabilitycve-2025-0108 | 0% | live |
| Vulnerability | CVE-2025-0159cve-2025-0159 | 0% | live |
| Vulnerability | CVE-2025-0456cve-2025-0456 | 0% | live |
| Vulnerability | CVE-2025-0896cve-2025-0896 | 0% | live |
| Vulnerability | CVE-2025-10452cve-2025-10452 | 0% | live |
| Vulnerability | CVE-2025-10906cve-2025-10906 | 0% | live |
| Vulnerability | CVE-2025-11007cve-2025-11007 | 0% | live |
| Vulnerability | CVE-2025-11130cve-2025-11130 | 0% | live |
| Vulnerability | CVE-2025-11529cve-2025-11529 | 0% | live |
| Vulnerability | CVE-2025-11661cve-2025-11661 | 0% | live |
| Vulnerability | CVE-2025-11942cve-2025-11942 | 0% | live |
| Vulnerability | CVE-2025-12049cve-2025-12049 | 0% | live |
| Vulnerability | CVE-2025-12476cve-2025-12476 | 0% | live |
| Vulnerability | CVE-2025-12477cve-2025-12477 | 0% | live |
| Vulnerability | CVE-2025-12548cve-2025-12548 | 0% | live |
| Vulnerability | CVE-2025-1283cve-2025-1283 | 0% | live |
| Vulnerability | CVE-2025-13030cve-2025-13030 | 0% | live |
| Vulnerability | CVE-2025-1315cve-2025-1315 | 0% | live |
| Vulnerability | CVE-2025-13607cve-2025-13607 | 0% | live |
| Vulnerability | CVE-2025-13779cve-2025-13779 | 0% | live |
| Vulnerability | CVE-2025-14300cve-2025-14300 | 0% | live |
| Vulnerability | CVE-2025-14346cve-2025-14346 | 0% | live |
| Vulnerability | CVE-2025-14349cve-2025-14349 | 0% | live |
| Vulnerability | CVE-2025-14577cve-2025-14577 | 0% | live |
| Vulnerability | CVE-2025-15026cve-2025-15026 | 0% | live |
| Vulnerability | CVE-2025-15517cve-2025-15517 | 0% | live |
| Vulnerability | CVE-2025-15620cve-2025-15620 | 0% | live |
| Vulnerability | CVE-2025-1717cve-2025-1717 | 0% | live |
| Vulnerability | CVE-2025-1907cve-2025-1907 | 0% | live |
| Vulnerability | CVE-2025-20358cve-2025-20358 | 0% | live |
Showing top 30 of 112 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.