ORSHIN Attack Defense Framework

Authentication Bypass by Incorrect Access Control in WebAuthn

Description

Authentication Bypass by Incorrect Access Control in WebAuthn

CWE

284

CVE

38299

Attack Surfaces

Crypto-secured Communication (MITRE EMB3D PID-4113)

Interactive Device (MITRE EMB3D PID-33)

Authenticated Services (MITRE EMB3D PID-332)

Authenticated Sessions (MITRE EMB3D PID-3322)

Attack Vectors

Insecure Cryptographic Implementation (MITRE EMB3D TID-318)

Defenses

Fix Access Control Misconfiguration, Include Missing User Presence Check