CWE-303

Incorrect Implementation of Authentication Algorithm

Parent: CWE-1390 - Weak Authentication

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

84 vulnerabilities with CWE-303
CVE-2025-44557 HIGH
Cypress PSoC4 v3.66 - Authentication Bypass via Crafted Pairing Failed Packet
CVSS 8.1
CVE-2025-48994 MEDIUM
SignXML <4.0.4 - Algorithm Confusion
CVE-2025-3230 MEDIUM
Mattermost <10.7.0-10.6.2-10.5.3-9.11.12 - Info Disclosure
CVSS 5.4
CVE-2025-2571 MEDIUM
Mattermost <10.7.0-10.5.3-9.11.12 - Auth Bypass
CVSS 4.2
CVE-2025-2475 MEDIUM
Mattermost <10.5.1-10.4.3-9.11.9 - Info Disclosure
CVSS 5.4
CVE-2025-23046 HIGH
GLPI 9.5.0-10.0.17 - Authentication Bypass via OauthIMAP Plugin
CVSS 7.5
CVE-2025-21311 CRITICAL
Windows NTLM < - Privilege Escalation
CVSS 9.8
CVE-2024-8314 MEDIUM
B&R APROL <4.4-00P5 - Privilege Escalation
CVE-2024-56128 MEDIUM
Apache Kafka 0.10.2.0-3.9.0 - Authentication Bypass via SCRAM Nonce Validation Omission
CVSS 5.3
CVE-2024-52586 MEDIUM
elabftw 4.6.0-5.1.8 - Multifactor Authentication Bypass via Local Authentication
CVSS 5.4
CVE-2024-10127 CRITICAL
M-Files Server < 24.11 - Authentication Bypass via LDAP Configuration
CVSS 9.8
CVE-2024-9999 MEDIUM
WS_FTP Server < 8.8.9 - Incorrect Implementation of Authentication Algorithm in Web Transfer Module
CVSS 6.5
CVE-2024-36250 LOW
Mattermost <9.11.3-9.5.11 - Info Disclosure
CVSS 3.1
CVE-2024-10214 LOW
Mattermost <9.11.2-9.5.10 - Info Disclosure
CVSS 3.5
CVE-2024-8642 HIGH
Eclipse Dataspace Components <0.9.0 - Auth Bypass
CVSS 8.1
CVE-2024-25157 MEDIUM
GoAnywhere MFT <7.6.0 - Auth Bypass
CVSS 6.5
CVE-2024-7593 CRITICAL KEV
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
CVSS 9.8
CVE-2024-41829 LOW
JetBrains TeamCity < 2024.07 - OAuth Code Theft via Space Application Connection
CVSS 3.5
CVE-2024-34722 HIGH
Android - Authentication Bypass in BLE Legacy Pairing Protocol
CVSS 8.8
CVE-2024-5658 MEDIUM
born05/two-factor_authentication < 3.3.4 - Improper Authentication via TOTP Token Reuse
CVSS 4.8
CVE-2024-4332 CRITICAL
Tripwire Enterprise 9.1.0 - Auth Bypass
CVE-2024-4985 CRITICAL
GitHub Enterprise Server - Auth Bypass
CVSS 9.8
CVE-2024-35190 MEDIUM
Asterisk <18.23.0 - Info Disclosure
CVSS 5.8
CVE-2024-32879 MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
CVSS 4.9
CVE-2024-26248 HIGH
Windows Kerberos - Privilege Escalation
CVSS 7.5