
CWE-303 (Incorrect Implementation of Authentication Algorithm) — Vulnerability Class 68

68 vulnerabilities classified as CWE-303 (Incorrect Implementation of Authentication Algorithm). AI Chinese analysis included.

CWE-303 describes an implementation flaw in which developers fail to correctly implement an established authentication algorithm, even though the system requirements specify its use. The weakness typically arises from coding errors, such as improper handling of cryptographic primitives or logic mistakes in password or token verification routines. An attacker exploits it by supplying input that drives the verification logic down an unintended code path, bypassing authentication without valid credentials. Successful exploitation can lead to unauthorized access, data breaches, and full system compromise. To prevent CWE-303, developers should rely on standardized, well-reviewed cryptographic and authentication libraries and avoid custom implementations of security-critical algorithms. Unit tests that cover both accept and reject paths, code review, and adherence to secure coding guidelines help ensure that authentication logic behaves as intended, preserving the integrity of the authentication process and protecting user data from unauthorized access.

MITRE CWE Description
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
| CVE ID | Title | Product | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-8642 | Eclipse EDC: Consumer pull transfer token validation checks not applied | Eclipse EDC Connector | 7.5 (AI) | High (AI) | 2024-09-11 |
| CVE-2024-25157 | Authentication bypass in GoAnywhere MFT prior to 7.6.0 | GoAnywhere MFT | 6.5 | Medium | 2024-08-14 |
| CVE-2024-41829 | JetBrains TeamCity security vulnerability | TeamCity | 3.5 | Low | 2024-07-22 |
| CVE-2024-5658 | CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use | CraftCMS Plugin - Two-Factor Authentication | 4.8 | Medium | 2024-06-06 |
| CVE-2024-4332 | Improper Authentication in Tripwire Enterprise 9.1.0 APIs | Tripwire Enterprise | 8.1 (AI) | High (AI) | 2024-06-03 |
| CVE-2024-4985 | GitHub Enterprise Server security vulnerability | Enterprise Server | 9.8 (AI) | Critical (AI) | 2024-05-20 |
| CVE-2024-35190 | Asterisk res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | asterisk | 5.8 | Medium | 2024-05-17 |
| CVE-2023-44420 | D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability | DIR-X3260 | 8.8 | - | 2024-05-03 |
| CVE-2023-34282 | D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability | DIR-2150 | 8.8 | - | 2024-05-03 |
| CVE-2023-34274 | D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability | DIR-2150 | 8.8 | - | 2024-05-03 |
| CVE-2023-32152 | D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability | DIR-2640 | 8.8 | - | 2024-05-03 |
| CVE-2023-32148 | D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability | DIR-2640 | 8.8 | - | 2024-05-03 |
| CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Windows 10 Version 1809 | 7.5 | High | 2024-04-09 |
| CVE-2024-3046 | Eclipse Kura security vulnerability | Kura | 7.5 | High | 2024-04-09 |
| CVE-2023-31211 | Disabled automation users could still authenticate | Checkmk | 8.8 | High | 2024-01-12 |
| CVE-2023-4641 | Shadow-utils: possible password leak during passwd(1) change | | 4.7 | Medium | 2023-12-27 |
| CVE-2023-5627 | Incorrect Implementation of Authentication Algorithm Vulnerability | NPort 6000 Series | 7.5 | High | 2023-11-01 |
| CVE-2023-39953 | Issuer not verified from obtained token in user_oidc | security-advisories | 4.8 | Medium | 2023-08-10 |
| CVE-2023-3326 | Network authentication attack via pam_krb5 | FreeBSD | 9.8 | - | 2023-06-22 |
| CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Microsoft SharePoint Server 2019 | 9.8 | Critical | 2023-06-13 |
| CVE-2023-29129 | Siemens Mendix SAML Module authorization issue vulnerability | Mendix SAML (Mendix 7 compatible) | 9.1 | Critical | 2023-06-13 |
| CVE-2022-41985 | Weston Embedded uC-FTPs authorization issue vulnerability | uC-FTPs | 8.6 | High | 2023-05-10 |
| CVE-2022-43635 | TP-LINK TL-WR940N security vulnerability | TL-WR940N | 6.5 | - | 2023-03-29 |
| CVE-2023-25957 | Siemens Mendix SAML Module authorization issue vulnerability | Mendix SAML (Mendix 7 compatible) | 9.1 | Critical | 2023-03-14 |
| CVE-2022-4861 | Incorrect Implementation of Authentication Algorithm | M-Files Client | 4.8 | Medium | 2022-12-30 |
| CVE-2022-46146 | Prometheus Exporter Toolkit vulnerable to basic authentication bypass | exporter-toolkit | 6.2 | Medium | 2022-11-29 |
| CVE-2022-39366 | DataHub missing JWT signature check | datahub | 9.9 | Critical | 2022-10-28 |
| CVE-2022-20923 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability | Cisco Small Business RV Series Router Firmware | 4.0 | Medium | 2022-09-08 |
| CVE-2022-33736 | Siemens Opcenter Quality authorization issue vulnerability | Opcenter Quality V13.1 | 9.1 | - | 2022-07-12 |
| CVE-2022-20695 | Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability | Cisco Wireless LAN Controller (WLC) | 10.0 | Critical | 2022-04-15 |

Vulnerabilities classified as CWE-303 (Incorrect Implementation of Authentication Algorithm) represent 68 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.