| CWE ID | Description |
| --- | --- |
| CWE-30 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-300 | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
| CWE-301 | Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user. |
| CWE-302 | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |
| CWE-303 | The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
| CWE-304 | The software implements an authentication technique, but it skips a step that weakens the technique. |
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
| CWE-306 | The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-307 | The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. |
| CWE-308 | The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. |