OWASP · cpholguera · Feb 6, 2025 · Feb 4, 2025
diff --git a/weaknesses/MASVS-AUTH/MASWE-0041.md b/weaknesses/MASVS-AUTH/MASWE-0041.md
@@ -7,7 +7,7 @@ profiles: [L1, L2]
 mappings:
   masvs-v1: [MSTG-AUTH-1]
   masvs-v2: [MASVS-AUTH-2]
-  cwe: [603, 307, 287]
+  cwe: [603, 287]
 
 draft:
   description: General authentication best practice. Only for apps with connection.

diff --git a/weaknesses/MASVS-AUTH/MASWE-0042.md b/weaknesses/MASVS-AUTH/MASWE-0042.md
@@ -7,7 +7,7 @@ profiles: [L1, L2]
 mappings:
   masvs-v1: [MSTG-AUTH-12]
   masvs-v2: [MASVS-AUTH-2]
-  cwe: [284, 285, 862, 863]
+  cwe: [285, 602, 863]
 
 refs:
 - https://developers.google.com/identity/smartlock-passwords/android/associate-apps-and-sites

diff --git a/weaknesses/MASVS-AUTH/MASWE-0043.md b/weaknesses/MASVS-AUTH/MASWE-0043.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
   masvs-v2: [MASVS-AUTH-2, MASVS-CRYPTO-2]
+  cwe: [922, 326, 312]
 
 draft:
   description: It's better to use the OS Local Auth / bind to a key stored in the

diff --git a/weaknesses/MASVS-AUTH/MASWE-0044.md b/weaknesses/MASVS-AUTH/MASWE-0044.md
@@ -7,6 +7,7 @@ profiles: [L2]
 mappings:
   masvs-v1: [MSTG-AUTH-8]
   masvs-v2: [MASVS-AUTH-2]
+  cwe: [287]
 
 refs:
 - https://developer.android.com/training/sign-in/biometric-auth#crypto

diff --git a/weaknesses/MASVS-AUTH/MASWE-0045.md b/weaknesses/MASVS-AUTH/MASWE-0045.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
   masvs-v2: [MASVS-AUTH-2]
+  cwe: [288, 287]
 
 refs:
 - https://developer.android.com/training/sign-in/biometric-auth#allow-fallback

diff --git a/weaknesses/MASVS-AUTH/MASWE-0046.md b/weaknesses/MASVS-AUTH/MASWE-0046.md
@@ -6,6 +6,7 @@ platform: [android, ios]
 profiles: [L2]
 mappings:
   masvs-v2: [MASVS-AUTH-2, MASVS-CRYPTO-2]
+  cwe: [287, 522]
 
 draft:
   description: Biometric related crypto keys should be is invalidated by default whenever