CWE-306 - Missing Authentication for Critical Function


With this weakness, the software does not perform authentication for critical functionality. By evading an authentication check, attackers can gain access to any sensitive data, perform administrative functions, and even execute arbitrary code.
The weakness can be identified only through manual (human) analysis, for example penetration testing, threat modeling, and modification of active sessions. SOAR recommends performing manual analysis for vulnerabilities and anomalies after using a binary/bytecode disassembler.
The vulnerability is introduced during the Architecture and Design stage.
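The following added example (not part of the original page) contrasts a dispatcher that exposes a critical function without authentication with a design that requires authentication for every route unless it is explicitly marked public. All names, paths and the session token are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample data: one valid session token mapped to a user.
SESSIONS = {"constructed-token-123": "admin"}

def authenticate(request):
    """Return the user name for a valid session token, else None."""
    token = request.get("token") or ""
    for known, user in SESSIONS.items():
        # Constant-time comparison avoids leaking token contents via timing.
        if hmac.compare_digest(token.encode(), known.encode()):
            return user
    return None

def delete_user(request):
    """Critical function: removes an account (hypothetical handler)."""
    return 200, "deleted " + request["target"]

def health(request):
    """Non-sensitive status check that may stay public."""
    return 200, "ok"

ROUTES = {"/health": health, "/admin/delete-user": delete_user}

# Weak design: handlers are invoked straight from the route table, so the
# critical function runs for any caller (CWE-306).
def dispatch_vulnerable(path, request):
    handler = ROUTES.get(path)
    return handler(request) if handler else (404, "not found")

# Hardened design: authentication is enforced centrally and by default.
# A route is reachable anonymously only if it is listed here, so a newly
# added critical route fails closed instead of being silently exposed.
PUBLIC_PATHS = {"/health"}

def dispatch_hardened(path, request):
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    if path not in PUBLIC_PATHS and authenticate(request) is None:
        return 401, "authentication required"
    return handler(request)
```

The hardened dispatcher covers authentication only; deciding whether the authenticated user may call the function is a separate authorization check.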



Description of CWE-306 on the MITRE website