Common Weakness Enumeration

CWE-303

Allowed

Incorrect Implementation of Authentication Algorithm

Abstraction: Base · Status: Draft

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

153 vulnerabilities reference this CWE, most recent first.

CVE-2024-10127 (GCVE-0-2024-10127)

Vulnerability from cvelistv5 – Published: 2024-11-20 08:36 – Updated: 2026-02-23 10:21
VLAI
Title
Support for authentication bypass condition in M-Files LDAP authentication
Summary
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Impacted products
Vendor Product Version
M-Files Corporation M-Files Server Affected: 0 , < 24.11 (semver)
Unaffected: 0 , < 24.8 LTS SR2 (custom)
Create a notification for this product.
m-files m-files Affected: 0 , < 24.11 (semver)
    cpe:2.3:a:m-files:m-files:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:m-files:m-files:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "m-files",
            "vendor": "m-files",
            "versions": [
              {
                "lessThan": "24.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T20:20:29.147851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T14:40:27.028Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "M-Files Server",
          "vendor": "M-Files Corporation",
          "versions": [
            {
              "lessThan": "24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.8 LTS SR2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration."
            }
          ],
          "value": "Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T10:21:16.507Z",
        "orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
        "shortName": "M-Files Corporation"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://product.m-files.com/security-advisories/CVE-2024-10127"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://empower.m-files.com/security-advisories/CVE-2024-10127"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to patched version\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update to patched version"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Support for authentication bypass condition in M-Files LDAP authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
    "assignerShortName": "M-Files Corporation",
    "cveId": "CVE-2024-10127",
    "datePublished": "2024-11-20T08:36:03.443Z",
    "dateReserved": "2024-10-18T13:26:52.758Z",
    "dateUpdated": "2026-02-23T10:21:16.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-9999 (GCVE-0-2024-9999)

Vulnerability from cvelistv5 – Published: 2024-11-12 16:33 – Updated: 2024-11-12 17:19
VLAI
Title
Multi-Factor Authentication Bypass in Progress WS_FTP Server
Summary
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
References
Impacted products
Vendor Product Version
Progress Software Corporation WS_FTP Server Affected: 0 , < 8.8.9 (semver)
Unaffected: 9.0.* (semver)
Create a notification for this product.
progress_software ws_ftp_server Affected: 0 , < 8.8.9 (custom)
    cpe:2.3:a:progress_software:ws_ftp_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
isira_adithya from BugCrowd
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress_software:ws_ftp_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ws_ftp_server",
            "vendor": "progress_software",
            "versions": [
              {
                "lessThan": "8.8.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T17:16:17.988442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T17:19:06.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WS_FTP Server",
          "vendor": "Progress Software Corporation",
          "versions": [
            {
              "lessThan": "8.8.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "9.0.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "isira_adithya from BugCrowd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only."
            }
          ],
          "value": "In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        },
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T16:33:00.600Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2024"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.progress.com/ftp-server"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Multi-Factor Authentication Bypass in Progress WS_FTP Server",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-9999",
    "datePublished": "2024-11-12T16:33:00.600Z",
    "dateReserved": "2024-10-15T14:12:52.968Z",
    "dateUpdated": "2024-11-12T17:19:06.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8642 (GCVE-0-2024-8642)

Vulnerability from cvelistv5 – Published: 2024-09-11 13:34 – Updated: 2024-09-11 14:06
VLAI
Title
Eclipse EDC: Consumer pull transfer token validation checks not applied
Summary
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse EDC Connector Affected: 0.5.0 , < 0.9.0 (semver)
Create a notification for this product.
eclipse_foundation edc Affected: 0.5.0 , < 0.9.0 (custom)
    cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edc",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThan": "0.9.0",
                "status": "affected",
                "version": "0.5.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8642",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T14:03:51.264915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T14:06:55.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "transfer-data-plane"
          ],
          "packageName": "org.eclipse.edc:transfer-data-plane",
          "product": "Eclipse EDC Connector",
          "repo": "https://github.com/eclipse-edc/Connector",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "0.9.0",
              "status": "affected",
              "version": "0.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
            }
          ],
          "value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T13:34:28.463Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/234"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/28"
        },
        {
          "url": "https://github.com/eclipse-edc/Connector/commit/04899e91dcdb4a407db4eb7af3e7b6ff9a9e9ad6"
        },
        {
          "url": "https://github.com/eclipse-edc/Connector/releases/tag/v0.9.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse EDC: Consumer pull transfer token validation checks not applied",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-8642",
    "datePublished": "2024-09-11T13:34:28.463Z",
    "dateReserved": "2024-09-10T06:20:33.205Z",
    "dateUpdated": "2024-09-11T14:06:55.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8314 (GCVE-0-2024-8314)

Vulnerability from cvelistv5 – Published: 2025-03-25 04:30 – Updated: 2025-03-25 13:34
VLAI
Title
Improper session handling in B&R APROL
Summary
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
ABB
Impacted products
Vendor Product Version
B&R Industrial Automation GmbH APROL Affected: 4.4 , < 4.4-00P5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8314",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T13:31:38.218580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T13:34:31.280Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "APROL",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "4.4-00P5",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B\u0026amp;R APROL \u0026lt;4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials.\u003cbr\u003e"
            }
          ],
          "value": "An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B\u0026R APROL \u003c4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488 Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-25T04:30:17.669Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper session handling in B\u0026R APROL",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-8314",
    "datePublished": "2025-03-25T04:30:17.669Z",
    "dateReserved": "2024-08-29T15:09:02.939Z",
    "dateUpdated": "2025-03-25T13:34:31.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7593 (GCVE-0-2024-7593)

Vulnerability from cvelistv5 – Published: 2024-08-13 18:17 – Updated: 2025-10-21 22:55
VLAI
Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
Impacted products
Vendor Product Version
Ivanti vTM Unaffected: 22.7R2 (custom)
Unaffected: 22.2R1 (custom)
Create a notification for this product.
ivanti virtual_traffic_manager Affected: 22.7r1 , < 22.7r2 (custom)
Affected: 22.2 , < 22.2r1 (custom)
Affected: 22.3 , < 22.3r3 (custom)
Affected: 22.3r2 , < 22.3r3 (custom)
Affected: 22.6r1 , < 22.6r2 (custom)
Affected: 22.5r1 , < 22.5r2 (custom)
    cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:virtual_traffic_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_traffic_manager",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "22.7r2",
                "status": "affected",
                "version": "22.7r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r1",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3",
                "status": "affected",
                "version": "22.3r2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.6r2",
                "status": "affected",
                "version": "22.6r1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.5r2",
                "status": "affected",
                "version": "22.5r1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7593",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T19:45:24.845483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-24",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:47.493Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7593"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-09-24T00:00:00.000Z",
            "value": "CVE-2024-7593 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "vTM",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R2",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "22.2R1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T18:17:47.248Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2024-7593",
    "datePublished": "2024-08-13T18:17:47.248Z",
    "dateReserved": "2024-08-07T17:08:33.645Z",
    "dateUpdated": "2025-10-21T22:55:47.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5658 (GCVE-0-2024-5658)

Vulnerability from cvelistv5 – Published: 2024-06-06 10:32 – Updated: 2025-09-03 07:08
VLAI
Title
CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
Summary
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
Impacted products
Vendor Product Version
Born05 CraftCMS Plugin - Two-Factor Authentication Affected: 0 , ≤ 3.3.3 (custom)
Create a notification for this product.
born05 craft_cms Affected: 0 , ≤ 3.3.3 (custom)
    cpe:2.3:a:born05:craft_cms:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Fabian Funder (SBA Research) Jakob Pachmann (SBA Research)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:born05:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "born05",
            "versions": [
              {
                "lessThanOrEqual": "3.3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T13:23:29.089917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:24:57.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.856Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
          },
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CraftCMS Plugin - Two-Factor Authentication",
          "repo": "https://github.com/born05/craft-twofactorauthentication",
          "vendor": "Born05",
          "versions": [
            {
              "lessThanOrEqual": "3.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Fabian Funder (SBA Research)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jakob Pachmann (SBA Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eThe CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T07:08:56.470Z",
        "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "shortName": "sba-research"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://plugins.craftcms.com/two-factor-authentication?craft4"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/06/2"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to version 3.3.4 or later."
            }
          ],
          "value": "Update to version 3.3.4 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
    "assignerShortName": "sba-research",
    "cveId": "CVE-2024-5658",
    "datePublished": "2024-06-06T10:32:07.239Z",
    "dateReserved": "2024-06-05T16:36:00.494Z",
    "dateUpdated": "2025-09-03T07:08:56.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4985 (GCVE-0-2024-4985)

Vulnerability from cvelistv5 – Published: 2024-05-20 21:17 – Updated: 2024-08-01 20:55
VLAI
Summary
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
Impacted products
Vendor Product Version
GitHub Enterprise Server Affected: 3.9.0 , ≤ 3.9.14 (semver)
Affected: 3.10.0 , ≤ 3.10.11 (semver)
Affected: 3.11.0 , ≤ 3.11.9 (semver)
Affected: 3.12.0 , ≤ 3.12.3 (semver)
Unaffected: 3.13.0
Create a notification for this product.
github enterprise_server Affected: 3.9.0 , ≤ 3.9.14 (semver)
Affected: 3.10.0 , ≤ 3.10.12 (semver)
Affected: 3.11.0 , ≤ 3.11.10 (semver)
Affected: 3.12.0 , ≤ 3.12.3 (semver)
    cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Imre Rad
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_server",
            "vendor": "github",
            "versions": [
              {
                "lessThanOrEqual": "3.9.14",
                "status": "affected",
                "version": "3.9.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.10.12",
                "status": "affected",
                "version": "3.10.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.11.10",
                "status": "affected",
                "version": "3.11.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "3.12.3",
                "status": "affected",
                "version": "3.12.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4985",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-30T04:00:27.233770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:54:09.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.9.15",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.9.14",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.10.12",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.10.11",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.11.10",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.11.9",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.12.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.12.3",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "3.13.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Imre Rad"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program."
            }
          ],
          "value": "An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/R:U/V:C/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-20T21:17:27.315Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-4985",
    "datePublished": "2024-05-20T21:17:27.315Z",
    "dateReserved": "2024-05-16T03:36:45.225Z",
    "dateUpdated": "2024-08-01T20:55:10.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4332 (GCVE-0-2024-4332)

Vulnerability from cvelistv5 – Published: 2024-06-03 17:38 – Updated: 2025-08-29 20:20
VLAI
Title
Improper Authentication in Tripwire Enterprise 9.1.0 APIs
Summary
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
Fortra Tripwire Enterprise Affected: 9.1.0
Create a notification for this product.
fortra tripwire_enterprise Affected: 9.1.0
    cpe:2.3:a:fortra:tripwire_enterprise:9.1.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortra:tripwire_enterprise:9.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tripwire_enterprise",
            "vendor": "fortra",
            "versions": [
              {
                "status": "affected",
                "version": "9.1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4332",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T03:56:07.398810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T10:00:29.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fortra.com/security/advisory/fi-2024-006"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API authentication",
            "REST API",
            "SOAP API"
          ],
          "product": "Tripwire Enterprise",
          "vendor": "Fortra",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional \"Auto-synchronize LDAP Users, Roles, and Groups\" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification.\n\n \n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional \"Auto-synchronize LDAP Users, Roles, and Groups\" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known. Exploitation of this vulnerability could allow remote attackers to gain privileged access to the APIs and lead to unauthorized information disclosure or modification."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:L/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:20:21.394Z",
        "orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
        "shortName": "Fortra"
      },
      "references": [
        {
          "url": "https://www.fortra.com/security/advisory/fi-2024-006"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to Tripwire Enterprise 9.1.1 or higher to remediate the vulnerability."
            }
          ],
          "value": "Upgrade to Tripwire Enterprise 9.1.1 or higher to remediate the vulnerability."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Authentication in Tripwire Enterprise 9.1.0 APIs",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To mitigate this issue in TE 9.1.0, disable the \"Auto-synchronize LDAP Users, Roles, and Groups\" feature when using LDAP/Active Directory SAML authentication. Be aware that doing so will disable API functionality. To continue using the APIs, configure an alternate login method or upgrade to TE 9.1.1 or higher."
            }
          ],
          "value": "To mitigate this issue in TE 9.1.0, disable the \"Auto-synchronize LDAP Users, Roles, and Groups\" feature when using LDAP/Active Directory SAML authentication. Be aware that doing so will disable API functionality. To continue using the APIs, configure an alternate login method or upgrade to TE 9.1.1 or higher."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
    "assignerShortName": "Fortra",
    "cveId": "CVE-2024-4332",
    "datePublished": "2024-06-03T17:38:54.516Z",
    "dateReserved": "2024-04-29T22:31:16.171Z",
    "dateUpdated": "2025-08-29T20:20:21.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3046 (GCVE-0-2024-3046)

Vulnerability from cvelistv5 – Published: 2024-04-09 10:02 – Updated: 2024-08-22 19:59
VLAI
Summary
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm}
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Kura Affected: 5.0.0 , ≤ 5.4.1 (semver)
Create a notification for this product.
eclipse_foundation kura Affected: 5.0.0 , ≤ 5.4.1 (custom)
    cpe:2.3:a:eclipse_foundation:kura:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Davide Virruso of Yoroi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:kura:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "kura",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThanOrEqual": "5.4.1",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3046",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T19:53:17.127730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T19:59:23.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "org.eclipse.kura:org.eclipse.kura.web2",
          "product": "Kura",
          "repo": "https://github.com/eclipse/kura",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "5.4.1",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Davide Virruso of Yoroi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eIn Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs.\n\nThis issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1]\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-10T05:51:23.655Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/188"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-3046",
    "datePublished": "2024-04-09T10:02:39.146Z",
    "dateReserved": "2024-03-28T15:55:27.026Z",
    "dateUpdated": "2024-08-22T19:59:23.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44420 (GCVE-0-2023-44420)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-02 20:07
VLAI
Title
D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
Summary
D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi executable. The issue results from an incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the device. Was ZDI-CAN-21100.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
zdi
References
Impacted products
Vendor Product Version
D-Link DIR-X3260 Affected: 1.02B02
Create a notification for this product.
dlink dir-x3260 Affected: 1.04b01
    cpe:2.3:o:dlink:dir-x3260:1.04b01:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-10-04 23:06
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dlink:dir-x3260:1.04b01:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dir-x3260",
            "vendor": "dlink",
            "versions": [
              {
                "status": "affected",
                "version": "1.04b01"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-06T14:50:46.866019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:39.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1518",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1518/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "DIR-X3260",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "1.02B02"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-28T18:14:48.201Z",
      "datePublic": "2023-10-04T23:06:08.475Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the prog.cgi executable. The issue results from an incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the device. Was ZDI-CAN-21100."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:13:49.140Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1518",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1518/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Nicholas Zubrisky"
      },
      "title": "D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-44420",
    "datePublished": "2024-05-03T02:13:49.140Z",
    "dateReserved": "2023-09-28T18:02:49.771Z",
    "dateUpdated": "2024-08-02T20:07:33.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-90: Reflection Attack in Authentication Protocol

An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.