
CWE-592 — Vulnerability Class 19

19 vulnerabilities classified as CWE-592. AI Chinese analysis included.

CWE-592 represents a deprecated authentication bypass weakness, now subsumed by the more comprehensive CWE-287. This vulnerability occurs when an application fails to properly verify user credentials or session tokens, allowing unauthorized entities to impersonate legitimate users. Attackers typically exploit this flaw by manipulating authentication headers, replaying valid tokens, or bypassing login mechanisms entirely to gain illicit access to restricted resources. To prevent such breaches, developers must implement robust, standardized authentication protocols like OAuth or OpenID Connect, ensuring that every access request undergoes rigorous validation. It is crucial to avoid custom authentication logic, which often introduces subtle flaws. Instead, relying on well-tested, industry-standard libraries and frameworks helps mitigate risks. By adhering to these best practices and understanding that CWE-592 is obsolete, engineers can focus on implementing secure, verified identity management systems that effectively protect sensitive data from unauthorized intrusion.

MITRE CWE Description
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
CVE ID | Title | CVSS | Severity | Published
CVE-2023-30971 | Gaia unauthenticated endpoints — com.palantir.acme.gaia:gaia | 6.8 | Medium | 2025-12-19
CVE-2019-14843 | Red Hat wildfly-security-manager security vulnerability — wildfly-security-manager | 9.1 | - | 2020-01-07
CVE-2019-10201 | Red Hat Keycloak authorization issue vulnerability — keycloak | 8.1 | - | 2019-08-14
CVE-2019-10198 | foreman-tasks authorization issue vulnerability — foreman-tasks | 6.5 | - | 2019-07-31
CVE-2019-3899 | Heketi access control error vulnerability — heketi | 9.8 | - | 2019-04-22
CVE-2014-5432 | Baxter Wireless Battery Module security vulnerability — SIGMA Spectrum Infusion System | 9.8 | - | 2019-03-26
CVE-2018-10933 | libssh server-side state machine security vulnerability — libssh | 9.1 | - | 2018-10-17
CVE-2018-14643 | Foreman smart_proxy_dynflow component security vulnerability — smart_proxy_dynflow | 9.8 | - | 2018-09-21
CVE-2016-8616 | Haxx curl trust management vulnerability — curl | 5.9 | - | 2018-08-01
CVE-2018-10847 | Prosody security vulnerability — prosody | 9.8 | - | 2018-07-30
CVE-2017-2650 | CloudBees Jenkins Pipeline: Classpath Steps plugin security vulnerability — Pipeline: Classpath Step Jenkins plugin | 8.5 | - | 2018-07-27
CVE-2017-12164 | GDM security vulnerability — gdm | 6.4 | - | 2018-07-26
CVE-2017-7537 | pki-core trust management issue vulnerability — pki-core | 7.5 | - | 2018-07-26
CVE-2018-1085 | Red Hat openshift-ansible security vulnerability — openshift-ansible | 9.1 | - | 2018-06-15
CVE-2016-8371 | Phoenix Contact ILC PLC authorization issue vulnerability — Phoenix Contact ILC PLCs | 6.5 | - | 2018-04-05
CVE-2017-7536 | Red Hat Hibernate Validator security vulnerability — hibernate-validator | 7.1 | - | 2018-01-10
CVE-2017-2684 | Multiple Siemens SIMATIC products security vulnerability — SIMATIC Logon All versions < V1.5 SP3 Update 2 | 9.0 | - | 2017-02-22
CVE-2014-2367 | Advantech WebAccess Authentication Bypass Issues — WebAccess | 7.5 | - | 2014-07-19
CVE-2012-4688 | I-GEN opLYNX Central Authentication Bypass — opLYNX | 9.8 | - | 2012-12-31

Vulnerabilities classified as CWE-592 represent 19 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.