CWE-1390
Weak Authentication
ClassIncomplete
Description
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Hierarchy (View 1000)
CVEs mapped to this weakness (22)
page 2 of 2| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41862 | Med | 0.34 | 5.3 | 0.00 | Dec 13, 2024 | Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0. | |
| CVE-2025-29991 | Low | 0.14 | 2.2 | 0.00 | Apr 3, 2025 | Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification. |