Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Resource Accessible Without Required Authentication - Vulnerability Database

Resource Accessible Without Required Authentication

Description

A resource that should require authentication is accessible without proper authentication mechanisms in place. This vulnerability allows unauthorized access to potentially sensitive information or functionality.

Remediation

1. Implement proper authentication mechanisms for all sensitive resources. 2. Ensure that authentication checks are performed server-side before granting access. 3. Use strong, industry-standard authentication protocols (e.g., OAuth 2.0, JWT). 4. Regularly audit and test authentication mechanisms to ensure they are functioning correctly.

References

OWASP API Security Top 10 2023: API2 - Broken Authentication
OWASP API Security Top 10 2023: API5 - Broken Function Level Authorization
CWE-287: Improper Authentication

Severity

Medium

Classification

CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L