Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-305 (使用基本弱点进行的认证绕过) — Vulnerability Class 117

117 vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过). AI Chinese analysis included.

CWE-305 represents a critical authentication bypass vulnerability where the core cryptographic algorithm remains robust, yet the implementation allows attackers to circumvent security controls through a distinct, primary flaw. This weakness typically manifests when developers rely on flawed logic, such as trusting client-side validation or improperly handling session tokens, rather than strengthening the underlying cipher. Attackers exploit these implementation gaps by manipulating request parameters, bypassing access checks, or exploiting race conditions to gain unauthorized access without breaking the encryption itself. To prevent this, developers must ensure that authentication mechanisms are strictly server-side enforced, avoiding any trust in client-supplied data. Comprehensive input validation, rigorous session management, and regular security audits are essential to identify and remediate these secondary weaknesses, ensuring that the authentication process remains resilient against evasion techniques that target implementation errors rather than algorithmic strength.

MITRE CWE Description
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Common Consequences (1)
Access ControlBypass Protection Mechanism
CVE IDTitleCVSSSeverityPublished
CVE-2025-53167 Huawei HarmonyOS 安全漏洞 — HarmonyOS 6.9 Medium2025-07-07
CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass — filebrowser 3.1 Low2025-06-30
CVE-2025-46801 Pgpool-II 安全漏洞 — Pgpool-II 9.8 -2025-05-19
CVE-2025-4658 Authentication Bypass in OPKSSH — OPKSSH 9.1AICriticalAI2025-05-13
CVE-2025-3757 Authentication Bypass in OpenPubKey — OPKSSH 7.5AIHighAI2025-05-13
CVE-2025-46750 Authentication Bypass — SEL-3350-1 4.4 Medium2025-05-12
CVE-2025-41450 Authentication bypass with privileged access in Danfoss AK-SM 8xxA Series prior to version 4.2 — AK-SM 8xxA Series 8.2 High2025-05-08
CVE-2025-32011 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness — Revolution Pi PiCtory 9.8 Critical2025-05-01
CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness — Revolution Pi OS Bookworm 10.0 Critical2025-05-01
CVE-2025-31161 CrushFTP 安全漏洞 — CrushFTP 9.8 Critical2025-04-03
CVE-2024-12776 Authentication Bypass in langgenius/dify — langgenius/dify 9.8 -2025-03-20
CVE-2025-1880 i-Drive i11/i12 Device Pairing authentication bypass — i11 2.0 Low2025-03-03
CVE-2025-27370 OpenID Connect Core 安全漏洞 — OpenID Connect 6.9 Medium2025-03-03
CVE-2025-27371 OpenID IETF OAuth 安全漏洞 — RFC 7523 6.9 Medium2025-03-03
CVE-2025-23017 WorkOS Hosted AuthKit 安全漏洞 — Hosted AuthKit 6.0 Medium2025-02-24
CVE-2024-12054 ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness — RSSPlus 2M 5.4 Medium2025-02-13
CVE-2024-51738 Sunshine improperly enforces pairing protocol request order — Sunshine 5.9 -2025-01-20
CVE-2024-12802 SonicWALL SSL-VPN 安全漏洞 — SonicOS 9.8 -2025-01-09
CVE-2023-46611 WordPress YOP Poll plugin <= 6.5.28 - Vote Manipulation Due to Broken Captcha Control Vulnerability — YOP Poll 5.3 Medium2025-01-02
CVE-2022-48470 编号已被CVE保留 — HarmonyOS AILife Solution 6.0 4.0 Medium2024-12-28
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service 7.1 High2024-12-24
CVE-2021-26102 Avfirewalls FortiWAN 授权问题漏洞 — FortiWAN 9.8 Critical2024-12-19
CVE-2023-20154 Cisco Modeling Labs External Authentication Bypass Vulnerability — Cisco Modeling Labs 9.1 Critical2024-11-15
CVE-2024-10394 Theft of credentials in Unix client PAGs — OpenAFS 7.8AIHighAI2024-11-14
CVE-2024-10082 CodeChecker 安全漏洞 — CodeChecker 8.7 High2024-11-06
CVE-2024-50478 WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability — 1-Click Login: Passwordless Authentication 9.8 Critical2024-10-28
CVE-2024-9683 Quay: quay allows successful authentication with trucated version of the password 4.8 Medium2024-10-17
CVE-2024-20463 Cisco ATA 190 Series Analog Telephone Adapter Firmware Command Injection and Denial of Service Vulnerability — Cisco Analog Telephone Adaptor (ATA) Software 5.4 Medium2024-10-16
CVE-2024-5957 Trellix IPS Manager 安全漏洞 — Intrusion Prevention System (IPS) Manager 6.3 Medium2024-09-05
CVE-2024-5956 Trellix IPS Manager 安全漏洞 — Intrusion Prevention System (IPS) Manager 6.5 Medium2024-09-05

Vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过) represent 117 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.