Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-305 (使用基本弱点进行的认证绕过) — Vulnerability Class 117

117 vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过). AI Chinese analysis included.

CWE-305 represents a critical authentication bypass vulnerability where the core cryptographic algorithm remains robust, yet the implementation allows attackers to circumvent security controls through a distinct, primary flaw. This weakness typically manifests when developers rely on flawed logic, such as trusting client-side validation or improperly handling session tokens, rather than strengthening the underlying cipher. Attackers exploit these implementation gaps by manipulating request parameters, bypassing access checks, or exploiting race conditions to gain unauthorized access without breaking the encryption itself. To prevent this, developers must ensure that authentication mechanisms are strictly server-side enforced, avoiding any trust in client-supplied data. Comprehensive input validation, rigorous session management, and regular security audits are essential to identify and remediate these secondary weaknesses, ensuring that the authentication process remains resilient against evasion techniques that target implementation errors rather than algorithmic strength.

MITRE CWE Description
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Common Consequences (1)
Access ControlBypass Protection Mechanism
CVE IDTitleCVSSSeverityPublished
CVE-2024-7557 Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai 8.8 High2024-08-08
CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab — GitLab 4.2 Medium2024-08-08
CVE-2024-6637 WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password — WooCommerce - Social Login 7.3 High2024-07-20
CVE-2024-38433 Nuvoton - CWE-305: Authentication Bypass by Primary Weakness — NPCM7xx (Poleg) BootBlock 6.7 Medium2024-07-11
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains — PrivateBin 5.3 Medium2024-07-09
CVE-2023-41920 Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices — P1/P2 9.8 Critical2024-07-02
CVE-2023-4727 Ca: token authentication bypass vulnerability 7.5 High2024-06-11
CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function — DeviceHub 10.0 Critical2024-06-02
CVE-2024-34077 MantisBT user account takeover in the signup/reset password process — mantisbt 7.3 High2024-05-13
CVE-2024-20378 Cisco IP Phone 安全漏洞 — Cisco IP Phones with Multiplatform Firmware 7.5 High2024-05-01
CVE-2023-6153 Authentication Bypass in TeoSOFT Software TeoBASE — TeoBASE 9.8 Critical2024-03-27
CVE-2024-1202 Authentication Bypass in XPodas' Octopod — Octopod 9.8 Critical2024-03-05
CVE-2023-7103 Authentication Bypass in ZKSoftware's UFace 5 — UFace 5 9.8 Critical2024-03-05
CVE-2024-1403 Authentication Bypass in OpenEdge Authentication Gateway and AdminServer — OpenEdge 10.0 Critical2024-02-27
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability — Windows 10 Version 1809 8.8 High2024-01-09
CVE-2023-6998 Lockscreen bypass in eWeLink App — eWeLink - Smart Home 7.7 High2023-12-30
CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token — SALESmanago & Leadoo 5.3 Medium2023-10-21
CVE-2023-4898 Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm — mintplex-labs/anything-llm 9.8 -2023-09-11
CVE-2023-36497 Dover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness — MAGLINK LX Web Console Configuration 8.8 High2023-09-11
CVE-2023-2959 Authentication Bypass by Primary Weakness in Oliva Expertise — Oliva Expertise EKS 7.5 High2023-07-17
CVE-2023-34137 SonicWALL Analytics和GMS 授权问题漏洞 — GMS 9.8 -2023-07-13
CVE-2023-34124 SonicWALL Analytics和GMS 授权问题漏洞 — GMS 9.8 -2023-07-13
CVE-2023-28126 Ivanti Avalanche 竞争条件问题漏洞 — Avalanche 8.1 -2023-05-09
CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV. — PingID Radius PCV 6.5 Medium2023-04-25
CVE-2023-1833 Authentication Bypass in Redline Router — Redline Router 9.8 Critical2023-04-14
CVE-2023-27535 curl 授权问题漏洞 — https://github.com/curl/curl 9.1 -2023-03-30
CVE-2023-27536 curl 授权问题漏洞 — https://github.com/curl/curl 9.8 -2023-03-30
CVE-2023-27538 libcurl 授权问题漏洞 — https://github.com/curl/curl 9.1 -2023-03-30
CVE-2023-1307 Authentication Bypass by Primary Weakness in froxlor/froxlor — froxlor/froxlor 9.8 -2023-03-10
CVE-2023-0777 Authentication Bypass by Primary Weakness in modoboa/modoboa — modoboa/modoboa 9.8 -2023-02-10

Vulnerabilities classified as CWE-305 (使用基本弱点进行的认证绕过) represent 117 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.