
CWE-1390 (Weak Authentication): 62 vulnerabilities

62 vulnerabilities on this site are classified as CWE-1390. The site's AI-generated Chinese analysis is included for some entries.

CWE-1390 (Weak Authentication) covers systems that do have an authentication mechanism but whose mechanism does not sufficiently prove that the claimed identity is genuine. In practice the weakness shows up as short or guessable credentials, default or hard-coded credentials, no limit on failed attempts, single-factor logins in front of sensitive functions, or verification logic that can be satisfied without the real secret (for example, a loose comparison that treats a crafted value as equal to the stored one, as in the phpfm type-juggling entry below). Because the check is weaker than it appears, attackers reach the same outcome as a full bypass with far less effort than the design assumed: brute force, password spraying and credential stuffing succeed where a sound mechanism would hold. Mitigation means restoring the attacker's cost to what the design assumes: enforce a minimum credential length and reject known-weak passwords, store credentials with a salted slow hash, compare secrets in constant time, throttle and lock out repeated failures, require a second factor for privileged access, and apply risk-based checks where the login context is unusual. Mechanisms inherited from the platform (default accounts, legacy protocols that authenticate with a static token) deserve the same scrutiny as the application's own login form.
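A minimal illustration of the gap the CWE describes, as an added example that is not from this page or from any product listed on it: a weak authenticator (4-digit PIN, plaintext comparison, unlimited attempts) falls to a naive brute-force loop in a few thousand guesses, while one with a salted slow hash, constant-time comparison and a failure lockout stops the same attacker after five tries. The usernames, credentials and thresholds are constructed for the demonstration.

```python
"""Weak vs. hardened password verification (CWE-1390, Weak Authentication).
Added example; users, credentials and thresholds below are constructed."""
import hashlib
import hmac
import os


class WeakAuth:
    """Authentication that only looks like a check: a 4-digit PIN, stored and
    compared in plaintext, with no limit on failed attempts."""

    def __init__(self):
        self.users = {}  # username -> plaintext PIN

    def register(self, user, pin):
        self.users[user] = pin

    def login(self, user, pin):
        return self.users.get(user) == pin


class HardenedAuth:
    """Same interface with the attacker's cost restored: minimum length,
    salted slow hash, constant-time compare, lockout after repeated failures."""

    MAX_FAILURES = 5
    MIN_LENGTH = 12
    ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune per deployment)

    def __init__(self):
        self.users = {}     # username -> (salt, derived key)
        self.failures = {}  # username -> consecutive failed logins

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def register(self, user, password):
        if len(password) < self.MIN_LENGTH:
            raise ValueError(f"password must be at least {self.MIN_LENGTH} characters")
        salt = os.urandom(16)
        self.users[user] = (salt, self._derive(password, salt))
        self.failures[user] = 0

    def is_locked(self, user):
        return self.failures.get(user, 0) >= self.MAX_FAILURES

    def login(self, user, password):
        if user not in self.users:
            # Burn the same work for unknown users so response time does not
            # reveal which usernames exist.
            self._derive(password, os.urandom(16))
            return False
        if self.is_locked(user):
            return False
        salt, stored = self.users[user]
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok


def brute_force_pin(auth, user, budget=10_000):
    """Attacker loop: try 0000..9999 in order until a login succeeds.
    Returns (pin, attempts used) or (None, budget) if every guess failed."""
    for n in range(budget):
        guess = f"{n:04d}"
        if auth.login(user, guess):
            return guess, n + 1
    return None, budget


def demo():
    """Run the same attack against both authenticators; returns a result dict."""
    weak = WeakAuth()
    weak.register("alice", "4821")  # constructed sample PIN
    weak_pin, weak_tries = brute_force_pin(weak, "alice")

    hard = HardenedAuth()
    passphrase = "correct horse battery staple"  # constructed sample passphrase
    hard.register("alice", passphrase)
    ok_before_attack = hard.login("alice", passphrase)
    hard_pin, hard_tries = brute_force_pin(hard, "alice")
    locked = hard.is_locked("alice")
    # Once locked, even the genuine passphrase is refused until an unlock step.
    refused_while_locked = not hard.login("alice", passphrase)

    return {
        "weak_pin": weak_pin, "weak_tries": weak_tries,
        "hard_ok_before_attack": ok_before_attack,
        "hard_pin": hard_pin, "hard_tries": hard_tries,
        "hard_locked": locked, "refused_while_locked": refused_while_locked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened version only computes five PBKDF2 derivations before the lockout short-circuits every further guess, which is why the attacker's budget is exhausted without ever reaching the right value; a production lockout would additionally expire after a delay and alert on the event rather than stay locked indefinitely.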

MITRE CWE Description
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. Attackers may be able to bypass weak authentication faster and/or with less effort than expected.
Common Consequences (1)
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Read Application Data; Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands.
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even letting them execute arbitrary code.
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE list (30 most recent of 62; "(AI)" marks a score or severity produced by the site's AI analysis)

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-0204 | SonicWALL SonicOS Access Control Error Vulnerability | SonicOS | 9.1 (AI) | Critical (AI) | 2026-04-29
CVE-2026-6886 | BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass | Borg SPM 2007 | 9.8 | Critical | 2026-04-23
CVE-2026-4924 | Devolutions Server Security Vulnerability | Server | 8.8 (AI) | High (AI) | 2026-04-01
CVE-2026-4828 | Devolutions Server Security Vulnerability | Server | 8.1 (AI) | High (AI) | 2026-04-01
CVE-2026-32497 | WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability | User Verification | 5.3 | Medium | 2026-03-25
CVE-2025-62844 | QuRouter | QuRouter | 5.5 | - | 2026-03-20
CVE-2026-28710 | Acronis Cyber Protect Security Vulnerability | Acronis Cyber Protect 17 | 9.1 | - | 2026-03-05
CVE-2025-15595 | Privilege escalation via dll hijacking in Inno Setup | Inno Setup | 7.8 (AI) | High (AI) | 2026-03-03
CVE-2026-1693 | Use of vulnerable Resource Owner Password Credentials flow | PcVue | 9.1 (AI) | Critical (AI) | 2026-02-26
CVE-2025-30412 | Acronis Cyber Protect Security Vulnerability | Acronis Cyber Protect 16 | 9.1 (AI) | Critical (AI) | 2026-02-20
CVE-2025-30411 | Acronis Cyber Protect Security Vulnerability | Acronis Cyber Protect 16 | 9.1 (AI) | Critical (AI) | 2026-02-20
CVE-2025-57713 | File Station 5 | File Station 5 | 7.5 (AI) | High (AI) | 2026-02-11
CVE-2025-40554 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | Web Help Desk | 9.8 | Critical | 2026-01-28
CVE-2025-40552 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | Web Help Desk | 9.8 | Critical | 2026-01-28
CVE-2023-53894 | phpfm 1.7.9 Authentication Bypass via Type Juggling Vulnerability | phpfm | 9.8 | Critical | 2025-12-16
CVE-2025-12871 | aEnrich|a+HRD - Authentication Abuse | a+HRD | 9.8 | Critical | 2025-11-12
CVE-2025-12870 | aEnrich|eHRD - Authentication Abuse | a+HRD | 9.8 | Critical | 2025-11-12
CVE-2025-11084 | FactoryTalk® DataMosaix™ Private Cloud - Authentication Bypass | FactoryTalk® DataMosaix™ Private Cloud | 7.4 | - | 2025-11-11
CVE-2025-59249 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Microsoft Exchange Server 2016 Cumulative Update 23 | 8.8 | High | 2025-10-14
CVE-2025-49201 | Fortinet FortiSwitchManager and Fortinet FortiPAM Security Vulnerability | FortiPAM | 7.4 | High | 2025-10-14
CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | Multimedia Redirection Installer | 7.8 | High | 2025-08-12
CVE-2025-47995 | Azure Machine Learning Elevation of Privilege Vulnerability | Azure Machine Learning | 6.5 | Medium | 2025-07-18
CVE-2025-1727 | End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication | End-of-Train and Head-of-Train remote linking protocol | 8.1 | High | 2025-07-10
CVE-2025-7326 | EOL ASP.NET Core Elevation of Privilege Vulnerability | ASP.NET Core 6.0 | 7.0 | High | 2025-07-08
CVE-2025-47479 | WordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability | WP Compress | 5.3 | Medium | 2025-07-04
CVE-2025-5484 | SinoTrack GPS Receiver Weak Authentication | IOT PC Platform | 8.3 | High | 2025-06-12
CVE-2024-32119 | Fortinet FortiClientEMS Security Vulnerability | FortiClientEMS | 4.6 | Medium | 2025-06-10
CVE-2025-0605 | Weak Authentication in GitLab | GitLab | 4.6 | Medium | 2025-05-22
CVE-2025-39596 | WordPress Quentn WP plugin <= 1.2.8 - Privilege Escalation Vulnerability | Quentn WP | 9.8 | Critical | 2025-04-17
CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | Windows 10 Version 1809 | 6.5 | Medium | 2025-04-08

This class covers 62 CVEs on this site; the 30 most recent are listed above. The CWE entry describes only the weakness pattern, so review each CVE for its product-specific impact and affected versions.