Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

GHSA-JH6M-3PQW-242H

Vulnerability from github – Published: 2022-02-09 00:56 – Updated: 2022-08-12 20:52
VLAI
Summary
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
Details

A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/keycloak/keycloak-gatekeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-14359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-01T16:13:00Z",
    "nvd_published_at": "2021-02-23T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.",
  "id": "GHSA-jh6m-3pqw-242h",
  "modified": "2022-08-12T20:52:13Z",
  "published": "2022-02-09T00:56:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/12934"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak-gatekeeper"
    },
    {
      "type": "WEB",
      "url": "https://issues.jboss.org/browse/KEYCLOAK-14090"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers"
}

GHSA-JP3F-X449-4Q75

Vulnerability from github – Published: 2026-05-18 09:31 – Updated: 2026-06-01 15:04
VLAI
Summary
Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
Details

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.5.0"
            },
            {
              "fixed": "11.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.11.0"
            },
            {
              "fixed": "10.11.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0-20260318173148-e9ae890a013b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3.2-0.20260318173148-e9ae890a013b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-01T15:04:48Z",
    "nvd_published_at": "2026-05-18T08:16:14Z",
    "severity": "LOW"
  },
  "details": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570",
  "id": "GHSA-jp3f-x449-4q75",
  "modified": "2026-06-01T15:04:49Z",
  "published": "2026-05-18T09:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6334"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/e9ae890a013bb57989fcbdb548d8b7b86b240237"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost doesn\u0027t enforce client identity binding during the OAuth authorization code redemption flow"
}

GHSA-JVR3-FJ9R-5Q66

Vulnerability from github – Published: 2023-09-06 18:30 – Updated: 2025-11-04 21:30
VLAI
Details

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-06T17:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only",
  "id": "GHSA-jvr3-fj9r-5q66",
  "modified": "2025-11-04T21:30:39Z",
  "published": "2023-09-06T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4498"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/304455"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/304455"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWXC-5CH3-VXQQ

Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2026-05-06 18:30
VLAI
Details

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-24T04:15:05Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the skupper console,  a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.",
  "id": "GHSA-jwxc-5ch3-vxqq",
  "modified": "2026-05-06T18:30:23Z",
  "published": "2024-12-24T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12582"
    },
    {
      "type": "WEB",
      "url": "https://github.com/skupperproject/skupper/pull/1833"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:1413"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-12582"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333540"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JX2P-C252-QCMR

Vulnerability from github – Published: 2024-07-11 09:30 – Updated: 2024-07-11 09:30
VLAI
Details

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock

reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code

execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T08:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution.",
  "id": "GHSA-jx2p-c252-qcmr",
  "modified": "2024-07-11T09:30:58Z",
  "published": "2024-07-11T09:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38433"
    },
    {
      "type": "WEB",
      "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M24W-WG7M-X27H

Vulnerability from github – Published: 2024-02-27 18:31 – Updated: 2025-02-11 18:31
VLAI
Details

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.  

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T16:15:45Z",
    "severity": "CRITICAL"
  },
  "details": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password.  Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication.  \u00a0",
  "id": "GHSA-m24w-wg7m-x27h",
  "modified": "2025-02-11T18:31:11Z",
  "published": "2024-02-27T18:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1403"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"
    },
    {
      "type": "WEB",
      "url": "https://www.progress.com/openedge"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9VC-392H-6MJX

Vulnerability from github – Published: 2023-04-14 15:30 – Updated: 2023-04-14 15:30
VLAI
Details

Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-14T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n",
  "id": "GHSA-m9vc-392h-6mjx",
  "modified": "2023-04-14T15:30:29Z",
  "published": "2023-04-14T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1833"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG2F-G382-VVC6

Vulnerability from github – Published: 2024-09-05 12:31 – Updated: 2024-09-05 12:31
VLAI
Details

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-05T11:15:12Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly",
  "id": "GHSA-mg2f-g382-vvc6",
  "modified": "2024-09-05T12:31:16Z",
  "published": "2024-09-05T12:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5956"
    },
    {
      "type": "WEB",
      "url": "https://thrive.trellix.com/s/article/000013870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP5P-GQ8Q-GCGG

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2025-11-04 21:30
VLAI
Details

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-21T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.",
  "id": "GHSA-mp5p-gq8q-gcgg",
  "modified": "2025-11-04T21:30:24Z",
  "published": "2022-05-24T17:26:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10126"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/815655"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/815655"
    },
    {
      "type": "WEB",
      "url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPR5-M5GH-62GW

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.",
  "id": "GHSA-mpr5-m5gh-62gw",
  "modified": "2022-08-11T00:00:35Z",
  "published": "2022-08-05T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2651"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/168423/Bookwyrm-0.4.3-Authentication-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.