CWE-289
Authentication Bypass by Alternate Name
The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.
Official CWE-289 definition at MITREImpactr finds and proves weaknesses like CWE-289 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist