CWE-592

DEPRECATED: Authentication Bypass Issues

Class: Deprecated

Description

This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

CVEs mapped to this weakness (14)

  • CVE-2018-1085 (Critical, Jun 15, 2018)
    risk 0.59 | cvss 9.0 | epss 0.02

    openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being…

  • CVE-2017-2684 (Critical, Feb 22, 2017)
    risk 0.59 | cvss 9.0 | epss 0.02

    Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

  • CVE-2026-43512 (Critical, May 12, 2026)
    risk 0.57 | cvss 9.8 | epss 0.01

    DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.…

  • CVE-2017-2650 (High, Jul 27, 2018)
    risk 0.55 | cvss 8.5 | epss 0.01

    It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.

  • CVE-2016-8371 (High, Apr 5, 2018)
    risk 0.51 | cvss 7.3 | epss 0.11

    The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

  • CVE-2023-30971 (Medium, Dec 19, 2025)
    risk 0.44 | cvss 6.8 | epss 0.00

    Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.

  • CVE-2017-7536 (High, Jan 10, 2018)
    risk 0.39 | cvss 7.0 | epss 0.00

    In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By…

  • CVE-2018-10847 (Medium, Jul 30, 2018)
    risk 0.27 | cvss 4.2 | epss 0.02

    prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session…

  • CVE-2017-12164 (Medium, Jul 26, 2018)
    risk 0.27 | cvss 4.1 | epss 0.00

    A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

  • CVE-2016-8616 (Low, Aug 1, 2018)
    risk 0.17 | cvss 3.7 | epss 0.03

    A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has…

  • CVE-2018-14643 (Critical, Sep 21, 2018)
    risk 0.00 | cvss 9.8 | epss 0.06

    An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.

  • CVE-2017-7537 (Medium, Jul 26, 2018)
    risk 0.00 | cvss 5.9 | epss 0.01

    It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing…

  • CVE-2014-2367 (Jul 19, 2014)
    risk 0.00 | cvss n/a | epss 0.02

    The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

  • CVE-2012-4688 (Dec 31, 2012)
    risk 0.00 | cvss n/a | epss 0.02

    The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.