VYPR

CWE-305

Authentication Bypass by Primary Weakness

Base | Draft

Description

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (72)

page 4 of 4
  • CVE-2024-34077 · May 13, 2024
    risk 0.00 cvss epss 0.01

    MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit…

  • CVE-2023-47090 · Oct 30, 2023
    risk 0.00 cvss epss 0.01

    NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest…

  • CVE-2023-37918 · Jul 21, 2023
    risk 0.00 cvss epss 0.01

    Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with…

  • CVE-2023-1307 · Mar 10, 2023
    risk 0.00 cvss epss 0.01

    Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.

  • CVE-2023-0777 · Feb 10, 2023
    risk 0.00 cvss epss 0.15

    Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2020-36569 · Dec 27, 2022
    risk 0.00 cvss epss 0.01

    Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

  • CVE-2022-4722 · Dec 23, 2022
    risk 0.00 cvss epss 0.01

    Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

  • CVE-2022-2818 · Aug 15, 2022
    risk 0.00 cvss epss 0.01

    Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

  • CVE-2021-3850 · Jan 25, 2022
    risk 0.00 cvss epss 0.02

    Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

  • CVE-2021-21403 · Mar 26, 2021
    risk 0.00 cvss epss 0.01

    In github.com/kongchuanhujiao/server before version 1.3.21 there is an Authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.

  • CVE-2020-14359 · Feb 23, 2021
    risk 0.00 cvss epss 0.01

    A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a…

  • CVE-2019-14909 · Dec 4, 2019
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Keycloak 7.x where, when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted.