CWE•Base•Draft•6 recent CVEs

CWE-304Missing Critical Step in Authentication

Description

The product implements an authentication technique, but it skips a step that weakens the technique.

Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.

Common consequences

Access Control,Integrity,Confidentiality→Bypass Protection Mechanism,Gain Privileges or Assume Identity,Read Application Data,Execute Unauthorized Code or Comman
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code.

Recent CVEs classified under this CWE

CVE-2026-445479.62026-05-12 CVE-2026-424528.12026-05-08 CVE-2026-405427.32026-04-22 CVE-2025-57153.82025-06-06 CVE-2024-121366.92025-03-19 CVE-2024-21729.82024-03-13

Description

Common consequences

Related CWEs

Recent CVEs classified under this CWE