CWE-304: Missing Critical Step in Authentication
The product implements an authentication technique, but it skips a step that weakens the technique.
Last updated
Overview
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.
Real-world CVEs
33 recorded CVEs are caused by CWE-304 (Missing Critical Step in Authentication). The highest-severity and most recent are shown first. 6 new CWE-304 CVEs have been recorded so far in 2026 (12 in 2025).