by alipitch
1481 days ago
"Strict Identifier Verification" looks kind of like CWE-304.

CWE-304: Missing Critical Step in Authentication <https://cwe.mitre.org/data/definitions/304.html>

Looking at the CWE-304 wording, this does not look like the right CWE, but OWASP ASVS 2.2.2 points to this CWE.

OWASP ASVS 2.2.2 <https://github.com/OWASP/ASVS/blob/v4.0.3_release/4.0/en/0x1...>

2.2.2
Verify that the use of weak authenticators (such as SMS and email) is limited to secondary verification and transaction approval and not as a replacement for more secure authentication methods. Verify that stronger methods are offered before weak methods, users are aware of the risks, or that proper measures are in place to limit the risks of account compromise.
CWE-304