Cyber Resilience

CWE · MITRE source

CWE-287: Improper Authentication

Abstraction: Class · CVEs in our corpus: 4,382

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective verdict: full · 40 mapping(s) from 10 framework(s):
ASVS 5.0: 11 (mostly)
CAPEC: 9 (partial)
CSF 2.0: 6 (mostly)
ATT&CK: 5 (mostly)
STIG RHEL 7: 3 (mostly)
STIG Ubuntu 24.04: 2 (mostly)
OWASP-Web: 1 (full)
STIG Ubuntu 22.04: 1 (mostly)
STIG Oracle Linux 8: 1 (mostly)
STIG RHEL 8: 1 (mostly)


OWASP Top 10 for Web (2025)

This weakness contributes to A07:2025 Authentication Failures.

NIST 800-53 r5 controls that address this weakness (40) · AI

The 15 most specific controls are listed first. The remaining 25 generic controls, which address many weakness types, follow in a second table.

Control | Title | Family | Why it addresses this CWE
IA-1 | Policy and Procedures | IA | Documented IA policy and procedures require proper authentication mechanisms to be defined and followed, reducing improper authentication.
IA-10 | Adaptive Authentication | IA | Requires adaptive authentication under specific conditions, directly strengthening authentication mechanisms against improper or insufficient authentication.
IA-12 | Identity Proofing | IA | Identity proofing requires collecting, validating, and verifying evidence to resolve claims to unique individuals, directly preventing insufficient proof of identity during account establishment.
AT-1 | Policy and Procedures | AT | Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.
AT-2 | Literacy Training and Awareness | AT | Security awareness training instructs users on secure authentication practices and avoiding credential compromise.
AT-3 | Role-based Training | AT | Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.
AU-10 | Non-repudiation | AU | Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes.
AU-14 | Session Audit | AU | Session content review can reveal authentication bypasses or failures in session establishment.
AU-6 | Audit Record Review, Analysis, and Reporting | AU | Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.
CA-2 | Control Assessments | CA | Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.
CA-3 | Information Exchange | CA | Mandating documentation of security requirements for exchanges includes specifying and enforcing authentication mechanisms between systems.
CA-8 | Penetration Testing | CA | Penetration testing probes authentication mechanisms for bypasses, allowing identification and fixing of improper authentication issues.
PM-13 | Security and Privacy Workforce | PM | Development programs cover authentication best practices, making weak or missing authentication less likely.
PM-14 | Testing, Training, and Monitoring | PM | Authentication testing and monitoring activities ensure mechanisms are implemented, maintained, and resistant to bypass.
PM-7 | Enterprise Architecture | PM | Security-conscious enterprise architecture mandates authentication mechanisms and identity management at scale, mitigating improper authentication.
Broadly applicable controls (25 more)

Control | Title | Family | Why it addresses this CWE
IA-13 | Identity Providers and Authorization Servers | IA | Identity providers centralize and enforce authentication mechanisms, reducing improper authentication.
IA-2 | Identification and Authentication (Organizational Users) | IA | Requires unique identification and authentication of organizational users, directly preventing improper authentication.
IA-3 | Device Identification and Authentication | IA | Enforces unique device identification and authentication before any connection is established, directly mitigating improper authentication weaknesses.
IA-4 | Identifier Management | IA | Provides unique, authorized identifiers that are foundational to preventing authentication weaknesses.
IA-7 | Cryptographic Module Authentication | IA | Directly requires implementation of compliant authentication mechanisms to cryptographic modules, preventing improper authentication.
IA-8 | Identification and Authentication (Non-organizational Users) | IA | Mandates unique identification and authentication of non-organizational users, directly mitigating improper authentication.
IA-9 | Service Identification and Authentication | IA | Requires unique identification and authentication of services before any communications, directly mitigating improper authentication.
SA-11 | Developer Testing and Evaluation | SA | Authentication mechanism testing and evaluation during development identifies bypass or weakness conditions, with mandatory correction prior to system delivery.
SA-16 | Developer-provided Training | SA | Developer-provided instruction on authentication controls improves correct implementation and ongoing operation of authentication.
SA-3 | System Development Life Cycle | SA | Requiring explicit security roles and risk integration in the SDLC forces authentication mechanisms to be planned, documented, and validated instead of omitted or weakly implemented.
SC-19 | Voice Over Internet Protocol | SC | Implementation guidance and monitoring requirements force proper authentication mechanisms for VoIP endpoints and sessions.
SC-26 | Decoys | SC | Decoy authentication surfaces detect bypass attempts and deflect real credential attacks through observable malicious interactions.
SC-40 | Wireless Link Protection | SC | Requires authentication mechanisms on the wireless link, making improper authentication weaknesses harder to exploit.
CP-10 | System Recovery and Reconstitution | CP | System recovery re-establishes trusted authentication processes following a compromise.
CP-13 | Alternative Security Mechanisms | CP | Delivers alternative authentication approaches to verify identity when the primary authentication mechanism is unavailable or compromised.
PL-8 | Security and Privacy Architectures | PL | Security architectures must specify authentication requirements and approaches, making systemic authentication weaknesses harder to introduce.
PL-9 | Central Management | PL | Centralized authentication mechanisms and policy enforcement reduce the chance of missing or weak authentication on individual components.
PS-1 | Policy and Procedures | PS | Personnel screening, identity verification, and access-agreement requirements support reliable authentication and reduce authentication bypass opportunities.
PS-4 | Personnel Termination | PS | Revoking authenticators and credentials eliminates the ability of terminated individuals to authenticate using prior mechanisms.
RA-10 | Threat Hunting | RA | Hunting detects anomalous authentication patterns or successful bypasses that allow persistent unauthorized entry.
RA-3 | Risk Assessment | RA | Assessment of authentication-related threats and vulnerabilities leads to remediation of missing or weak authentication controls.
AC-9 | Previous Logon Notification | AC | Detects unauthorized successful logons resulting from improper authentication implementations.
IR-10 | Integrated Information Security Analysis Team | IR | Integrated incident analysis improves detection and mitigation of authentication bypasses and failures during security events.
MA-4 | Nonlocal Maintenance | MA | Requiring strong authentication for establishing nonlocal maintenance sessions directly mitigates improper authentication.
SI-4 | System Monitoring | SI | Detects unauthorized use and connections stemming from authentication bypass or failure.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, including XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction legend: "other covers this" or "this covers other". Strength legend: F/M/P = full / mostly / partial.

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Flags | Risk | CVSS | EPSS | Published
CVE-2013-0625 | KEV | 10.0 | 9.8 | 0.9380 | 2013-01-09
CVE-2015-7755 | KEV | 10.0 | 9.8 | 0.6140 | 2015-12-19
CVE-2017-7921 | KEV | 10.0 | 9.8 | 1.0000 | 2017-05-06
CVE-2016-7836 | KEV | 10.0 | 9.8 | 0.1938 | 2017-06-09
CVE-2015-1187 | KEV | 10.0 | 9.8 | 0.8286 | 2017-09-21
CVE-2018-10561 | KEV | 10.0 | 9.8 | 0.9332 | 2018-05-04
CVE-2019-0543 | KEV | 10.0 | 7.8 | 0.0472 | 2019-01-08
CVE-2019-19006 | KEV, UPD | 10.0 | 9.8 | 0.3661 | 2019-11-21
CVE-2020-0688 | KEV | 10.0 | 8.8 | 0.9997 | 2020-02-11
CVE-2020-4427 | KEV | 10.0 | 9.8 | 0.7003 | 2020-05-07
CVE-2020-8193 | KEV | 10.0 | 6.5 | 0.8841 | 2020-07-10
CVE-2020-8196 | KEV | 10.0 | 4.3 | 0.2633 | 2020-07-10
CVE-2020-12812 | KEV | 10.0 | 9.8 | 0.4934 | 2020-07-24
CVE-2021-22893 | KEV | 10.0 | 10.0 | 0.4717 | 2021-04-23
CVE-2021-32030 | KEV | 10.0 | 9.8 | 0.9939 | 2021-05-06
CVE-2021-32648 | KEV | 10.0 | 8.2 | 0.9042 | 2021-08-26
CVE-2021-33044 | KEV | 10.0 | 9.8 | 0.9987 | 2021-09-15
CVE-2021-33045 | KEV | 10.0 | 9.8 | 0.9956 | 2021-09-15
CVE-2021-39226 | KEV | 10.0 | 9.8 | 0.9989 | 2021-10-05
CVE-2022-23134 | KEV | 10.0 | 3.7 | 0.8466 | 2022-01-13
CVE-2022-0492 | KEV, UPD | 10.0 | 7.8 | 0.0553 | 2022-03-03
CVE-2022-40684 | KEV | 10.0 | 9.8 | 0.9998 | 2022-10-18
CVE-2023-28461 | KEV | 10.0 | 9.8 | 0.6764 | 2023-03-15
CVE-2023-27351 | KEV | 10.0 | 7.5 | 0.7842 | 2023-04-20
CVE-2023-20867 | KEV | 10.0 | 3.9 | 0.1364 | 2023-06-13