The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
84 vulnerabilities with CWE-303
CVE-2024-3046
HIGH
Eclipse Kura 5.0.0-5.4.1 - Unauthenticated Log Retrieval and Privilege Escalation via LogServlet
CVSS 7.5
CVE-2023-4860
CRITICAL
Google Chrome <115.0.5790.98 - Sandbox Escape
CVSS 9.6
CVE-2023-44420
HIGH
D-Link DIR-X3260 Firmware < 1.04b01 - Unauthenticated Authentication Bypass via prog.cgi
CVSS 8.8
CVE-2023-34282
HIGH
D-Link DIR-2150 Firmware < 1.06 - Unauthenticated Authentication Bypass via SOAP API
CVSS 8.8
CVE-2023-34274
HIGH
D-Link DIR-2150 Firmware < 1.06 - Unauthenticated Authentication Bypass via SOAP API
CVSS 8.8
CVE-2023-32152
MEDIUM
D-Link DIR-2640 Firmware - Unauthenticated Authentication Bypass via HNAP LoginPassword
CVSS 6.5
CVE-2023-32148
MEDIUM
D-Link DIR-2640 Firmware - Unauthenticated Authentication Bypass via Crafted XML Login Request
CVSS 6.5
CVE-2023-31211
HIGH
Checkmk <2.2.0p18-2.0.0p39 - Auth Bypass
CVSS 8.8
CVE-2023-4641
MEDIUM
shadow-utils < 4.14.0 - Password Exposure via Uncleared Memory Buffer
CVSS 4.7
CVE-2023-5627
HIGH
NPort 6000 Series - Privilege Escalation
CVSS 7.5
CVE-2023-39953
MEDIUM
user_oidc <1.3.3 - Man-in-the-Middle
CVSS 4.8
CVE-2023-3326
CRITICAL
FreeBSD pam_krb5 - Improper Authentication via Unvalidated KDC Response
CVSS 9.8
CVE-2023-29357
CRITICAL
KEV
Sharepoint Dynamic Proxy Generator Unauth RCE
CVSS 9.8
CVE-2023-29129
CRITICAL
Mendix SAML Authentication Bypass via SAML Assertion
CVSS 9.1
CVE-2023-25957
CRITICAL
Mendix SAML 1.16.4-1.17.2, 2.2.0-2.2.9, 3.1.8-3.3.0 - Authentication Bypass via SAML
CVSS 9.1
CVE-2022-41985
HIGH
Weston Embedded uC-FTPs 1.98.00 - Unauthenticated Authentication Bypass and Denial of Service
CVSS 8.6
CVE-2022-43635
MEDIUM
TP-Link TL-WR940N <6_211111 3.20.1(US) - Info Disclosure
CVSS 6.5
CVE-2022-4861
MEDIUM
M-Files Client <22.5.11356.0 - Privilege Escalation
CVSS 4.8
CVE-2022-46146
MEDIUM
Prometheus Exporter Toolkit <0.7.2-0.8.2 - Auth Bypass
CVSS 6.2
CVE-2022-39366
CRITICAL
DataHub < 0.8.45 - Authentication Bypass via Missing JWT Signature Verification
CVSS 9.9
CVE-2022-20923
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Unauthenticated IPSec VPN Authentication Bypass via Password Validation Algorithm
CVSS 4.0
CVE-2022-33736
HIGH
Opcenter Quality <V13.1.20220624-V13.2.20220624 - DoS
CVSS 7.5
CVE-2022-20695
CRITICAL
Cisco Wireless LAN Controller - Auth Bypass
CVSS 10.0
CVE-2021-42146
HIGH
Contiki-NG tinyDTLS - Sensitive Data Exposure via DTLS Epoch Reuse
CVSS 7.5
CVE-2021-21902
HIGH
Garrett iC Module CMA - Authentication Bypass via Session Hijacking
CVSS 8.1