CWE-302
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Official CWE-302 definition at MITREImpactr finds and proves weaknesses like CWE-302 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist