Cyber Posture


CWE-304: Missing Critical Step in Authentication

Abstraction: Base · CVEs in our corpus: 29

The product implements an authentication technique, but it skips a step, which weakens the technique.

Authentication techniques should follow the algorithms that define them exactly; otherwise, authentication can be bypassed or more easily subjected to brute force attacks.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IA-8 | Identification and Authentication (Non-organizational Users) | IA | Ensures the authentication process is followed for non-organizational users, avoiding missing critical steps. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2022-2302 | 2.0 | 9.8 | 0.0068 | 2022-07-11 |
| CVE-2024-2172 | 2.0 | 9.8 | 0.0112 | 2024-03-13 |
| CVE-2024-8954 | 2.0 | 9.8 | 0.0026 | 2025-03-20 |
| CVE-2026-30831 | 2.0 | 9.8 | 0.0008 | 2026-03-06 |
| CVE-2022-40622 | 1.8 | 8.8 | 0.0010 | 2022-09-13 |
| CVE-2024-45764 | 1.8 | 9.0 | 0.0010 | 2024-11-08 |
| CVE-2024-12048 | 1.8 | 8.8 | 0.0021 | 2025-03-20 |
| CVE-2019-16766 | 1.7 | 8.7 | 0.0016 | 2019-11-29 |
| CVE-2022-1065 | 1.7 | 8.1 | 0.0169 | 2022-04-19 |
| CVE-2024-11302 | 1.6 | 8.0 | 0.0008 | 2025-03-20 |
| CVE-2024-9216 | 1.6 | 8.1 | 0.0017 | 2025-03-20 |
| CVE-2025-24322 | 1.6 | 8.1 | 0.0009 | 2025-08-20 |
| CVE-2022-2821 | 1.5 | 7.5 | 0.0029 | 2022-08-15 |
| CVE-2023-22833 | 1.5 | 7.6 | 0.0006 | 2023-06-06 |
| CVE-2023-52424 | 1.5 | 7.4 | 0.0021 | 2024-05-17 |
| CVE-2024-20153 | 1.5 | 7.5 | 0.0068 | 2025-01-06 |
| CVE-2025-55138 | 1.5 | 7.4 | 0.0005 | 2025-08-07 |
| CVE-2026-40542 | 1.5 | 7.3 | 0.0010 | 2026-04-22 |
| CVE-2024-12136 | 1.4 | 6.9 | 0.0001 | 2025-03-19 |
| CVE-2024-52965 | 1.4 | 7.2 | 0.0013 | 2025-07-08 |
| CVE-2021-41179 | 1.3 | 6.5 | 0.0051 | 2021-10-25 |
| CVE-2022-39360 | 1.3 | 6.5 | 0.0017 | 2022-10-26 |
| CVE-2023-3628 | 1.3 | 6.5 | 0.0009 | 2023-12-18 |
| CVE-2024-7745 | 1.3 | 6.5 | 0.0028 | 2024-08-28 |
| CVE-2025-43798 | 1.3 | 6.5 | 0.0003 | 2025-09-15 |