VYPR

CWE-289

Authentication Bypass by Alternate Name

Abstraction: Base. Status: Incomplete.

Description

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (25)

page 2 of 2
  • CVE-2025-64521 (Nov 19, 2025)
    risk 0.00 cvss epss 0.00

    authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and client_secret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this…

  • CVE-2024-45691 (Nov 20, 2024)
    risk 0.00 cvss epss 0.00

    A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

  • CVE-2023-51663 (Dec 29, 2023)
    risk 0.00 cvss epss 0.00

    Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have…

  • CVE-2023-41890 (Sep 19, 2023)
    risk 0.00 cvss epss 0.01

    Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a…

  • CVE-2021-30640 (Jul 12, 2021)
    risk 0.00 cvss epss 0.10

    A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to…