CWE-305
AllowedAuthentication Bypass by Primary Weakness
Abstraction: Base · Status: Draft
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
281 vulnerabilities reference this CWE, most recent first.
GHSA-JH6M-3PQW-242H
Vulnerability from github – Published: 2022-02-09 00:56 – Updated: 2022-08-12 20:52A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/keycloak/keycloak-gatekeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-14359"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-01T16:13:00Z",
"nvd_published_at": "2021-02-23T13:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in all versions of the deprecated package Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.",
"id": "GHSA-jh6m-3pqw-242h",
"modified": "2022-08-12T20:52:13Z",
"published": "2022-02-09T00:56:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/12934"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak-gatekeeper"
},
{
"type": "WEB",
"url": "https://issues.jboss.org/browse/KEYCLOAK-14090"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers"
}
GHSA-JP3F-X449-4Q75
Vulnerability from github – Published: 2026-05-18 09:31 – Updated: 2026-06-01 15:04Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "11.5.0"
},
{
"fixed": "11.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0"
},
{
"fixed": "10.11.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20260318173148-e9ae890a013b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.2-0.20260318173148-e9ae890a013b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6334"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-01T15:04:48Z",
"nvd_published_at": "2026-05-18T08:16:14Z",
"severity": "LOW"
},
"details": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570",
"id": "GHSA-jp3f-x449-4q75",
"modified": "2026-06-01T15:04:49Z",
"published": "2026-05-18T09:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6334"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/e9ae890a013bb57989fcbdb548d8b7b86b240237"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost doesn\u0027t enforce client identity binding during the OAuth authorization code redemption flow"
}
GHSA-JVR3-FJ9R-5Q66
Vulnerability from github – Published: 2023-09-06 18:30 – Updated: 2025-11-04 21:30Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only
{
"affected": [],
"aliases": [
"CVE-2023-4498"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-06T17:15:50Z",
"severity": "MODERATE"
},
"details": "Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only",
"id": "GHSA-jvr3-fj9r-5q66",
"modified": "2025-11-04T21:30:39Z",
"published": "2023-09-06T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4498"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/304455"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/304455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JWXC-5CH3-VXQQ
Vulnerability from github – Published: 2024-12-24 06:30 – Updated: 2026-05-06 18:30A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2024-12582"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T04:15:05Z",
"severity": "HIGH"
},
"details": "A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.",
"id": "GHSA-jwxc-5ch3-vxqq",
"modified": "2026-05-06T18:30:23Z",
"published": "2024-12-24T06:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12582"
},
{
"type": "WEB",
"url": "https://github.com/skupperproject/skupper/pull/1833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:1413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-12582"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333540"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JX2P-C252-QCMR
Vulnerability from github – Published: 2024-07-11 09:30 – Updated: 2024-07-11 09:30Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
{
"affected": [],
"aliases": [
"CVE-2024-38433"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-11T08:15:10Z",
"severity": "MODERATE"
},
"details": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution.",
"id": "GHSA-jx2p-c252-qcmr",
"modified": "2024-07-11T09:30:58Z",
"published": "2024-07-11T09:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38433"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M24W-WG7M-X27H
Vulnerability from github – Published: 2024-02-27 18:31 – Updated: 2025-02-11 18:31In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.
{
"affected": [],
"aliases": [
"CVE-2024-1403"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T16:15:45Z",
"severity": "CRITICAL"
},
"details": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0",
"id": "GHSA-m24w-wg7m-x27h",
"modified": "2025-02-11T18:31:11Z",
"published": "2024-02-27T18:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1403"
},
{
"type": "WEB",
"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"
},
{
"type": "WEB",
"url": "https://www.progress.com/openedge"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9VC-392H-6MJX
Vulnerability from github – Published: 2023-04-14 15:30 – Updated: 2023-04-14 15:30Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.
{
"affected": [],
"aliases": [
"CVE-2023-1833"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-14T14:15:00Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.\n\n",
"id": "GHSA-m9vc-392h-6mjx",
"modified": "2023-04-14T15:30:29Z",
"published": "2023-04-14T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1833"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-23-0227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG2F-G382-VVC6
Vulnerability from github – Published: 2024-09-05 12:31 – Updated: 2024-09-05 12:31This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
{
"affected": [],
"aliases": [
"CVE-2024-5956"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-05T11:15:12Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly",
"id": "GHSA-mg2f-g382-vvc6",
"modified": "2024-09-05T12:31:16Z",
"published": "2024-09-05T12:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5956"
},
{
"type": "WEB",
"url": "https://thrive.trellix.com/s/article/000013870"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MP5P-GQ8Q-GCGG
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2025-11-04 21:30NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.
{
"affected": [],
"aliases": [
"CVE-2020-10126"
],
"database_specific": {
"cwe_ids": [
"CWE-305",
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T21:15:00Z",
"severity": "HIGH"
},
"details": "NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.",
"id": "GHSA-mp5p-gq8q-gcgg",
"modified": "2025-11-04T21:30:24Z",
"published": "2022-05-24T17:26:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10126"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/815655"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815655"
},
{
"type": "WEB",
"url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPR5-M5GH-62GW
Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
{
"affected": [],
"aliases": [
"CVE-2022-2651"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-04T09:15:00Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.",
"id": "GHSA-mpr5-m5gh-62gw",
"modified": "2022-08-11T00:00:35Z",
"published": "2022-08-05T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2651"
},
{
"type": "WEB",
"url": "https://github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/168423/Bookwyrm-0.4.3-Authentication-Bypass.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.