The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
146 vulnerabilities with CWE-305
CVE-2021-45031
HIGH
MEPSAN USC+ <3.0 - Privilege Escalation
CVSS 7.7
CVE-2021-26726
HIGH
Valmet DNA 2012-2021 - Remote Code Execution via TCP Port 1517
CVSS 8.8
CVE-2021-28503
HIGH
Arista EOS 4.22-4.22.9m - Authentication Bypass via Certificate Re-evaluation Skip
CVSS 7.4
CVE-2021-3850
CRITICAL
adodb < 5.20.21 - Authentication Bypass
CVSS 9.1
CVE-2021-43175
HIGH
GOautodial < commit 3c3a979 - Auth Bypass
CVSS 7.5
CVE-2021-3547
HIGH
OpenVPN 3 Core Library <3.6.1 - Auth Bypass
CVSS 7.4
CVE-2021-21403
HIGH
kongchuanhujiao < 1.3.21 - Authentication Bypass
CVSS 7.5
CVE-2020-15077
MEDIUM
OpenVPN Access Server <2.8.7 - Auth Bypass
CVSS 5.3
CVE-2020-15078
HIGH
OpenVPN < 2.4.11 - Authentication Bypass via Deferred Authentication
CVSS 7.5
CVE-2020-14359
HIGH
Keycloak Gatekeeper - Auth Bypass
CVSS 7.3
CVE-2020-24683
CRITICAL
S+ Operations <2.1 SP1 - Auth Bypass
CVSS 9.8
CVE-2020-15787
CRITICAL
SIMATIC HMI Unified Comfort Panels <= V16 - Info Disclosure
CVSS 9.8
CVE-2020-10126
HIGH
NCR SelfServ ATMs APTRA XFS 05.01.00 - Code Injection
CVSS 7.6
CVE-2020-10123
MEDIUM
NCR SelfSev APTRA XFS <05.01.00 - Privilege Escalation
CVSS 5.3
CVE-2020-10923
HIGH
NETGEAR R6700 V1.0.4.84_10.0.58 - Auth Bypass
CVSS 8.8
CVE-2020-11012
CRITICAL
MinIO <RELEASE.2020-04-23T00-58-49Z - Auth Bypass
CVSS 9.3
CVE-2019-14910
CRITICAL
Keycloak 7.x - Improper Certificate Validation in LDAP StartTLS Authentication
CVSS 9.8
CVE-2019-14909
HIGH
Keycloak 7.x - Authentication Bypass via LDAP Anonymous Bind
CVSS 8.3
CVE-2019-14833
MEDIUM
Samba <4.9.15, 4.10.10, 4.11.2 - Info Disclosure
CVSS 5.4
CVE-2019-0042
MEDIUM
Juniper Identity Management Service < 1.1.4 - Firewall Bypass and DoS via Incorrect Resource Transfer
CVSS 4.2
CVE-2019-3878
HIGH
mod_auth_mellon <0.14.2 - Auth Bypass
CVSS 8.1
Details
Vulnerabilities
146