VYPR

CWE-302

Authentication Bypass by Assumed-Immutable Data

BaseIncomplete

Description

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-13 · CAPEC-21 · CAPEC-274 · CAPEC-31 · CAPEC-39 · CAPEC-45 · CAPEC-77

CVEs mapped to this weakness (21)

page 2 of 2
  • CVE-2022-23501Dec 14, 2022
    risk 0.00cvss epss 0.00

    TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions),…