VYPR

CWE-305

Authentication Bypass by Primary Weakness

Abstraction: Base. Status: Draft.

Description

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (72), page 2 of 4
  • CVE-2026-2652 (High), May 15, 2026
    risk 0.49, CVSS 8.6, EPSS 0.01

    A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces…

  • CVE-2023-4727 (High), Jun 11, 2024
    risk 0.49, CVSS 7.5, EPSS 0.01

    A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to…

  • CVE-2023-2959 (High), Jul 17, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.

  • CVE-2026-33892 (High), Apr 14, 2026
    risk 0.46, CVSS 7.1, EPSS 0.00

    A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do…

  • CVE-2026-33496 (High), Mar 26, 2026
    risk 0.46, CVSS 8.1, EPSS 0.00

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator…

  • CVE-2024-12582 (High), Dec 24, 2024
    risk 0.46, CVSS 7.1, EPSS 0.00

    A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is…

  • CVE-2024-8642 (High), Sep 11, 2024
    risk 0.46, CVSS 8.1, EPSS 0.00

    In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The…

  • CVE-2025-27371 (Medium), Mar 3, 2025
    risk 0.45, CVSS 6.9, EPSS 0.00

    In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521,…

  • CVE-2025-27370 (Medium), Mar 3, 2025
    risk 0.45, CVSS 6.9, EPSS 0.00

    OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including…

  • CVE-2026-41054 (High), May 20, 2026
    risk 0.44, CVSS 7.8, EPSS 0.00

    In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it…

  • CVE-2025-7064 (Medium), Jun 11, 2026
    risk 0.43, CVSS 6.6, EPSS 0.00

    Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.

  • CVE-2025-68609 (Medium), Jan 22, 2026
    risk 0.43, CVSS 6.6, EPSS 0.00

    A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any…

  • CVE-2025-53534 (High), Aug 5, 2025
    risk 0.43, CVSS n/a, EPSS 0.01

    RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take…

  • CVE-2026-40039 (Medium), Apr 13, 2026
    risk 0.42, CVSS 6.5, EPSS 0.00

    Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and…

  • CVE-2025-23017 (Medium), Feb 24, 2025
    risk 0.39, CVSS 6.0, EPSS 0.00

    WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

  • CVE-2026-3591 (Medium), Mar 25, 2026
    risk 0.35, CVSS 5.4, EPSS 0.00

    A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP…

  • CVE-2026-3784 (Medium), Mar 11, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

  • CVE-2024-12054 (Medium), Feb 13, 2025
    risk 0.35, CVSS 5.4, EPSS 0.00

    ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics…

  • CVE-2026-20152 (Medium), Apr 15, 2026
    risk 0.34, CVSS 5.3, EPSS 0.00

    A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied…

  • CVE-2026-1290 (Medium), Jan 21, 2026
    risk 0.34, CVSS n/a, EPSS 0.00

    Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact. This issue affects Jamf Pro: from 11.20 through 11.24.