CWE-306: Missing Authentication for Critical Function

BaseDraftExploit Likelihood: High🏆 #21 in Top 25 (2024)

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

View on MITRE

744Related CVEs

9.38Severity Score

Back to CWE Lookup

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

🏆 CWE Top 25 Historical Ranking

2023:#20

Score: 3.78

689 CVEs

2024:#21↓1

Score: 9.38

744 CVEs

Trend:Improving (moved up 1 ranks)

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-306

CWE Top 25 Most Dangerous

See how this weakness ranks against others

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references