CWE-306 - Missing Authentication for Critical Function

Description

This weakness leads to software inability to perform identification of functionality. Evading an authentication check, attackers can get access to any sensitive data, fulfill administrative functionality and even execute an arbitrary code.
User can identify the weakness only by using manual (human) analysis, for example, penetration testing, threat modeling, and active session modifying. SOAR recommends to perform manual analysis for vulnerabilities & anomalies after using Binary / Bytecode disassembler.
The vulnerability is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-306

Multiple vulnerabilities in Electrolink FM/DAB/TV Transmitter 2024-04-17
Medium No

Missing authentication for critical function in Juniper Junos OS 2024-04-11
Medium Yes

Multiple vulnerabilities in Microsoft Windows Update Stack 2024-04-10
Low Yes

Multiple vulnerabilities in IBM Operations Analytics Predictive Insights 2024-03-28
High Yes

Remote code execution in Jupyter Server Proxy 2024-03-20
High Yes

Missing authentication for critical function in Watson CP4D Data Stores 2024-03-08
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management 2024-02-29
High Yes

Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data 2024-02-28
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management Security Services 2024-02-22
High Yes

Missing Authentication for Critical Function in Siemens RUGGEDCOM APE1808 devices with Nozomi Guardian/CMC 2024-02-20
Medium No

References

Description of CWE-306 on Mitre website