From 3249fbdb426c073f250aadd0597573d01760cf68 Mon Sep 17 00:00:00 2001
From: Riccardo Poffo
Date: Tue, 4 Feb 2025 09:46:20 +0100
Subject: [PATCH] Update all CWE IDs on MASWE elements of MASVS-AUTH-2.
---
 weaknesses/MASVS-AUTH/MASWE-0041.md | 2 +-
 weaknesses/MASVS-AUTH/MASWE-0042.md | 2 +-
 weaknesses/MASVS-AUTH/MASWE-0043.md | 1 +
 weaknesses/MASVS-AUTH/MASWE-0044.md | 1 +
 weaknesses/MASVS-AUTH/MASWE-0045.md | 1 +
 weaknesses/MASVS-AUTH/MASWE-0046.md | 1 +
 6 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/weaknesses/MASVS-AUTH/MASWE-0041.md b/weaknesses/MASVS-AUTH/MASWE-0041.md
index 8b52d2abaa..069f9670d0 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0041.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0041.md
@@ -7,7 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-AUTH-1]
 masvs-v2: [MASVS-AUTH-2]
- cwe: [603, 307, 287]
+ cwe: [603, 287]
 draft:
 description: General authentication best practice. Only for apps with connection.
diff --git a/weaknesses/MASVS-AUTH/MASWE-0042.md b/weaknesses/MASVS-AUTH/MASWE-0042.md
index 0ef1293a36..5c91f44d17 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0042.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0042.md
@@ -7,7 +7,7 @@ profiles: [L1, L2]
 mappings:
 masvs-v1: [MSTG-AUTH-12]
 masvs-v2: [MASVS-AUTH-2]
- cwe: [284, 285, 862, 863]
+ cwe: [285, 602, 863]
 refs:
 - https://developers.google.com/identity/smartlock-passwords/android/associate-apps-and-sites
diff --git a/weaknesses/MASVS-AUTH/MASWE-0043.md b/weaknesses/MASVS-AUTH/MASWE-0043.md
index a4ef612bf7..19df724196 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0043.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0043.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
 masvs-v2: [MASVS-AUTH-2, MASVS-CRYPTO-2]
+ cwe: [922, 326, 312]
 draft:
 description: It's better to use the OS Local Auth / bind to a key stored in the
diff --git a/weaknesses/MASVS-AUTH/MASWE-0044.md b/weaknesses/MASVS-AUTH/MASWE-0044.md
index f88d598fd2..8c49056ba4 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0044.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0044.md
@@ -7,6 +7,7 @@ profiles: [L2]
 mappings:
 masvs-v1: [MSTG-AUTH-8]
 masvs-v2: [MASVS-AUTH-2]
+ cwe: [287]
 refs:
 - https://developer.android.com/training/sign-in/biometric-auth#crypto
diff --git a/weaknesses/MASVS-AUTH/MASWE-0045.md b/weaknesses/MASVS-AUTH/MASWE-0045.md
index ec7f3a8d66..632844b474 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0045.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0045.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
 masvs-v2: [MASVS-AUTH-2]
+ cwe: [288, 287]
 refs:
 - https://developer.android.com/training/sign-in/biometric-auth#allow-fallback
diff --git a/weaknesses/MASVS-AUTH/MASWE-0046.md b/weaknesses/MASVS-AUTH/MASWE-0046.md
index 463703032d..cba7105141 100644
--- a/weaknesses/MASVS-AUTH/MASWE-0046.md
+++ b/weaknesses/MASVS-AUTH/MASWE-0046.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
 masvs-v2: [MASVS-AUTH-2, MASVS-CRYPTO-2]
+ cwe: [287, 522]
 draft:
 description: Biometric related crypto keys should be is invalidated by default whenever