CWE-305
AllowedAuthentication Bypass by Primary Weakness
Abstraction: Base · Status: Draft
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
281 vulnerabilities reference this CWE, most recent first.
GHSA-QJF7-P4PC-2MQ7
Vulnerability from github – Published: 2025-09-30 21:31 – Updated: 2025-10-01 21:31LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, user enumeration remains possible by default. In versions prior to 4.2, no such user-level protection is in place, only basic IP-based rate limiting is enforced. This IP-based protection can be bypassed by distributing requests across multiple IPs (e.g., rotating IP or proxies). Effectively bypassing both login and password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered for the application, increasing the risk of follow-up attacks such as password spraying.
{
"affected": [],
"aliases": [
"CVE-2025-56132"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-30T19:15:37Z",
"severity": "HIGH"
},
"details": "LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, user enumeration remains possible by default. In versions prior to 4.2, no such user-level protection is in place, only basic IP-based rate limiting is enforced. This IP-based protection can be bypassed by distributing requests across multiple IPs (e.g., rotating IP or proxies). Effectively bypassing both login and password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered for the application, increasing the risk of follow-up attacks such as password spraying.",
"id": "GHSA-qjf7-p4pc-2mq7",
"modified": "2025-10-01T21:31:20Z",
"published": "2025-09-30T21:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56132"
},
{
"type": "WEB",
"url": "https://docs.liquidfiles.com/release_notes/version_4-2-x.html"
},
{
"type": "WEB",
"url": "https://www.liquidfiles.com/updates/v4.2.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QX2H-P95P-57W8
Vulnerability from github – Published: 2026-04-13 21:30 – Updated: 2026-04-13 21:30Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.
{
"affected": [],
"aliases": [
"CVE-2026-40039"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T19:16:51Z",
"severity": "HIGH"
},
"details": "Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.",
"id": "GHSA-qx2h-p95p-57w8",
"modified": "2026-04-13T21:30:43Z",
"published": "2026-04-13T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40039"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/pachno-open-redirection-via-return-to-parameter"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5981.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-R2GG-H7R4-GP2G
Vulnerability from github – Published: 2025-08-06 03:30 – Updated: 2025-08-06 03:30Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-54622"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T02:15:48Z",
"severity": "HIGH"
},
"details": "Binding authentication bypass vulnerability in the devicemanager module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-r2gg-h7r4-gp2g",
"modified": "2025-08-06T03:30:25Z",
"published": "2025-08-06T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54622"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8FC-3GVG-WXXF
Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-07-03 18:34Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2024-3847"
],
"database_specific": {
"cwe_ids": [
"CWE-305",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T08:15:10Z",
"severity": "CRITICAL"
},
"details": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-r8fc-3gvg-wxxf",
"modified": "2024-07-03T18:34:44Z",
"published": "2024-04-17T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3847"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/328690293"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RFHW-FM4M-52J6
Vulnerability from github – Published: 2023-02-10 21:30 – Updated: 2024-09-24 21:22Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.3"
},
"package": {
"ecosystem": "PyPI",
"name": "modoboa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-0777"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-10T22:31:45Z",
"nvd_published_at": "2023-02-10T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.",
"id": "GHSA-rfhw-fm4m-52j6",
"modified": "2024-09-24T21:22:33Z",
"published": "2023-02-10T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0777"
},
{
"type": "WEB",
"url": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806"
},
{
"type": "PACKAGE",
"url": "https://github.com/modoboa/modoboa"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-32.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Authentication Bypass in modoboa"
}
GHSA-RG84-WV55-QXQC
Vulnerability from github – Published: 2025-11-18 12:30 – Updated: 2025-11-18 12:30The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
{
"affected": [],
"aliases": [
"CVE-2025-41733"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T11:15:46Z",
"severity": "CRITICAL"
},
"details": "The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.",
"id": "GHSA-rg84-wv55-qxqc",
"modified": "2025-11-18T12:30:18Z",
"published": "2025-11-18T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41733"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2025-097"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RH3Q-7G79-RP3X
Vulnerability from github – Published: 2025-03-03 18:31 – Updated: 2025-04-25 15:31In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR).
{
"affected": [],
"aliases": [
"CVE-2025-27371"
],
"database_specific": {
"cwe_ids": [
"CWE-305",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-03T18:15:40Z",
"severity": "MODERATE"
},
"details": "In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR).",
"id": "GHSA-rh3q-7g79-rp3x",
"modified": "2025-04-25T15:31:20Z",
"published": "2025-03-03T18:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27371"
},
{
"type": "WEB",
"url": "https://github.com/OWASP/ASVS/issues/2678"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2025/629"
},
{
"type": "WEB",
"url": "https://openid.net/notice-of-a-security-vulnerability"
},
{
"type": "WEB",
"url": "https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf"
},
{
"type": "WEB",
"url": "https://talks.secworkshop.events/osw2025/talk/R8D9BS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RRC7-8W2H-XW89
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2026-03-19 18:31A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
{
"affected": [],
"aliases": [
"CVE-2024-7557"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:43Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.",
"id": "GHSA-rrc7-8w2h-xw89",
"modified": "2026-03-19T18:31:14Z",
"published": "2024-08-12T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7557"
},
{
"type": "WEB",
"url": "https://github.com/opendatahub-io/odh-dashboard/pull/3198"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-7557"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303094"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RVM7-RC5G-C98Q
Vulnerability from github – Published: 2024-06-11 21:32 – Updated: 2026-06-26 12:30A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
{
"affected": [],
"aliases": [
"CVE-2023-4727"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T20:15:09Z",
"severity": "HIGH"
},
"details": "A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.",
"id": "GHSA-rvm7-rc5g-c98q",
"modified": "2026-06-26T12:30:28Z",
"published": "2024-06-11T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4727"
},
{
"type": "WEB",
"url": "https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720"
},
{
"type": "WEB",
"url": "https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4051"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4070"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4164"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4165"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4222"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4403"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:4413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4727"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232218"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rvm7-rc5g-c98q"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RW3G-85QV-84CG
Vulnerability from github – Published: 2024-07-02 09:32 – Updated: 2024-07-02 09:32The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
{
"affected": [],
"aliases": [
"CVE-2023-41920"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T08:15:03Z",
"severity": "CRITICAL"
},
"details": "The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.",
"id": "GHSA-rw3g-85qv-84cg",
"modified": "2024-07-02T09:32:06Z",
"published": "2024-07-02T09:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41920"
},
{
"type": "WEB",
"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.