CWE-302 - CERT CVE

CWE-302 - Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

CAPEC ID Name
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-274 HTTP Verb Tampering
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-77 Manipulating User-Controlled Variables