ES2602-bd8e9372 - Improper Authentication State Lifecycle Handling

[cmullaly-mitre]

Submission File: ES2602-bd8e9372-new-improper-authentication-state-lifecycle-handling.txt

ID: ES2602-bd8e9372

SUBMISSION DATE: 2026-02-24 18:42:52

NAME: Improper Authentication State Lifecycle Handling

DESCRIPTION:

Systems issuing encrypted or signed authentication artifacts, such as
tokens or verification state, may improperly process these artifacts beyond
their intended session lifecycle. Valid authentication state can be reused
across sessions, processed without proper account or session binding, and
trigger deterministic corruption of account state. This results in
persistent authentication failures, verification loops, and permanent
denial of service for high-value accounts. The weakness originates from
improper lifecycle enforcement, cross-session state processing, and flaws
in the authentication state machine logic, creating availability and
integrity impacts without granting unauthorized access or exposing
credentials.

[RushiP-MITRE]

ES2602-bd8e9372 has been assigned to a member of the CWE Content Team as part of the INITIAL REVIEW phase. We will provide feedback as soon as possible.

The review process will analyze the submission for scope and submission problems as documented here:

• Submission problems
• Scope exclusions

After initial review, we might need to ask you additional questions (CONSULTATION phase) to ensure that the submitted information is accurate, properly understood, and (for new entry proposals) falls within CWE's scope. Afterward, we will make a DECISION as to whether a new CWE entry is needed, or if an existing entry needs to be modified. If a new entry is needed, we will then request more detailed content from you (SUPPORTING ANALYSIS). See the following URL for more details:

https://cwe.mitre.org/community/submissions/guidelines.html