CWE-305 (Authentication Bypass by Primary Weakness): Vulnerability Class with 117 CVEs

117 vulnerabilities are classified as CWE-305 (Authentication Bypass by Primary Weakness). An AI-generated analysis in Chinese is included on the original page.

CWE-305 describes an authentication bypass in which the authentication algorithm itself is sound (the password hash, the signature scheme, the challenge-response exchange) but the surrounding implementation contains a separate weakness that lets an attacker reach the authenticated state without satisfying the check. The primary weakness is something else on the CWE list: an injection flaw in the credential lookup, a client-supplied flag or parameter that the server trusts, a session or certificate whose validity is checked once and never re-evaluated, or a race between the check and the use of its result. The attacker never defeats the cipher or the hash; they route around the code that calls it. The fix is therefore not a stronger algorithm but removal of the primary weakness: keep every authentication decision server-side, never derive it from client-controlled data, query credentials with parameterized statements, re-validate sessions and tokens on each privileged action, and audit the code paths that lead to the check for ways to skip or short-circuit it.

MITRE CWE Description
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Common Consequences (1)
Scope: Access Control. Technical impact: Bypass Protection Mechanism.
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-3100 | OpenStack barbican security vulnerability | Red Hat OpenStack Platform | 5.9 | - | 2023-01-18 |
| CVE-2022-4722 | Authentication Bypass by Primary Weakness in ikus060/rdiffweb | ikus060/rdiffweb | 9.8 | - | 2022-12-23 |
| CVE-2022-39245 | Mist vulnerable to user providing a Sudo binary for authentication checks | mist | 8.4 | High | 2022-09-26 |
| CVE-2022-38064 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | OpenHarmony | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38081 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | OpenHarmony | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38700 | multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | OpenHarmony | 8.8 | High | 2022-09-09 |
| CVE-2022-2651 | Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm | bookwyrm-social/bookwyrm | 9.8 | - | 2022-08-04 |
| CVE-2021-45031 | Weak Authentication in Login Function of USC+ | USC+ | 7.7 | High | 2022-03-30 |
| CVE-2022-0547 | OpenVPN authorization issue vulnerability | OpenVPN | 9.8 | - | 2022-03-18 |
| CVE-2022-23729 | LG mobile authorization issue vulnerability | LG mobile devices | 7.8 | - | 2022-03-04 |
| CVE-2022-0451 | Auth bypass in Dart SDK | Dart SDK | 6.5 | Medium | 2022-02-18 |
| CVE-2021-26726 | Remote code execution in Valmet DNA before Collection 2021 | Valmet DNA | 8.8 | High | 2022-02-16 |
| CVE-2021-28503 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | Arista EOS | 7.4 | High | 2022-02-04 |
| CVE-2021-3850 | Authentication Bypass by Primary Weakness in adodb/adodb | adodb/adodb | 9.8 | - | 2022-01-25 |
| CVE-2021-43175 | GOautodial authorization issue vulnerability | GOautodial API | 7.5 | - | 2021-12-07 |
| CVE-2021-3547 | OpenVPN trust management issue vulnerability | OpenVPN 3 Core Library | 7.4 | - | 2021-07-12 |
| CVE-2020-15077 | OpenVPN authorization issue vulnerability | OpenVPN Access Server | 5.9 | - | 2021-06-04 |
| CVE-2020-15078 | OpenVPN access control error vulnerability | OpenVPN | 5.9 | - | 2021-04-26 |
| CVE-2021-21403 | Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server | server | 7.5 | High | 2021-03-26 |
| CVE-2020-14359 | Red Hat Keycloak security vulnerability | keycloak | 8.2 | - | 2021-02-23 |
| CVE-2020-15787 | Siemens Simatic Hmi authorization issue vulnerability | SIMATIC HMI Unified Comfort Panels | 9.8 | - | 2020-09-09 |
| CVE-2020-10126 | NCR SelfServ ATMs APTRA XFS authorization issue vulnerability | SelfServ ATM | 7.6 | - | 2020-08-21 |
| CVE-2020-10123 | NCR SelfServ ATMs APTRA XFS authorization issue vulnerability | SelfServ ATM | 7.3 | - | 2020-08-21 |
| CVE-2020-10923 | NETGEAR R6700 security vulnerability | R6700 | 8.8 | - | 2020-07-28 |
| CVE-2020-11012 | Authentication bypass MinIO Admin API | minio | 9.3 | Critical | 2020-04-23 |
| CVE-2019-14833 | Samba security vulnerability | samba | 7.1 | - | 2019-11-06 |
| CVE-2019-3878 | mod_auth_mellon authorization issue vulnerability | mod_auth_mellon | 9.8 | - | 2019-03-26 |

117 CVEs are classified as CWE-305 (Authentication Bypass by Primary Weakness); the table above lists 27 of them, ordered by publication date. The CWE entry describes the weakness class only; the actual bypass path and product-specific impact differ per CVE, so review each advisory individually. A "-" in the Severity column means the page records no qualitative rating for that entry.