CWE-287: CWE-287: Improper Authentication

ClassStable🏆 #12 in Top 25 (2024)

Description

View on MITRE
1,117Related CVEs
15.15Severity Score
Back to CWE Lookup

Technical Details

Structure
Simple
Vulnerability Mapping
DISCOURAGED

Applicable To

Languages
Languages
Platforms
Languages

🏆 CWE Top 25 Historical Ranking

2023:#13
Score: 6.39
1,042 CVEs
2024:#12↑1
Score: 15.15
1,117 CVEs
Trend:Worsening (moved down 1 ranks)

Frequently Asked Questions

What is CWE-287: CWE-287: Improper Authentication?+

CWE-287: CWE-287: Improper Authentication is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description

Is CWE-287 in the CWE Top 25 Most Dangerous Software Weaknesses?+

Yes. CWE-287 ranked #12 in the CWE Top 25 for 2024, associated with 1,117 CVEs that year. The CWE Top 25 highlights the most common and impactful software weaknesses based on real-world vulnerability data.

What are the security consequences of CWE-287: Improper Authentication?+

If exploited, CWE-287 (CWE-287: Improper Authentication) it can compromise Read Application Data, Gain Privileges or Assume Identity and Execute Unauthorized Code or Commands, leading to outcomes such as Scope: Integrity, Confidentiality, Availability, Access Control This weakness can lead to the exposure of resources or functionality to unintended actors and possibly providing attackers with sensitive information or even execute arbitrary code..

How do you prevent or mitigate CWE-287: Improper Authentication?+

Recommended mitigations for CWE-287 include: Strategy: Libraries or Frameworks Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

Which programming languages are affected by CWE-287: Improper Authentication?+

CWE-287 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-287 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More