CWE-305

Authentication Bypass by Primary Weakness

Base
Draft

Description

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Parent Weaknesses (ChildOf)

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

CVE-2002-1374

The provided password is only compared against the first character of the real password.

CVE-2000-0979

The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.

CVE-2001-0088

Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges.
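The first two entries above describe a check that accepts a password matching only the first character of the real one. The following is an added example, not code from any of the affected products or from the CWE entry: it shows one common way such a check arises (the comparison length is taken from the supplied value), a corrected comparison, and a regression check that counts accepted prefixes. All function names and the sample password are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Flawed (constructed illustration): the comparison length comes from the
 * supplied value, so any prefix of the stored password is accepted. */
int check_password_flawed(const char *supplied, const char *stored)
{
    return strncmp(supplied, stored, strlen(supplied)) == 0;
}

/* Corrected: lengths must match and every byte is compared; the loop does
 * not stop at the first mismatch. A real system would compare salted hash
 * digests, not plaintext; plaintext keeps the example short. */
int check_password_fixed(const char *supplied, const char *stored)
{
    size_t ls = strlen(supplied), lt = strlen(stored);
    unsigned char diff = (unsigned char)(ls != lt);
    for (size_t i = 0; i < lt; i++) {
        unsigned char s = (i < ls) ? (unsigned char)supplied[i] : 0;
        diff |= (unsigned char)(s ^ (unsigned char)stored[i]);
    }
    return diff == 0;
}

typedef int (*verifier_fn)(const char *, const char *);

/* Regression check: number of proper prefixes of `stored` (lengths
 * 1 .. len-1) that the verifier wrongly accepts; -1 if too long. */
int count_accepted_prefixes(verifier_fn verify, const char *stored)
{
    char buf[64];
    size_t len = strlen(stored);
    int accepted = 0;
    if (len >= sizeof buf) return -1;
    for (size_t n = 1; n < len; n++) {
        memcpy(buf, stored, n);
        buf[n] = '\0';
        accepted += verify(buf, stored) ? 1 : 0;
    }
    return accepted;
}

int main(void)
{
    const char *stored = "S3cret!"; /* constructed sample value */
    printf("flawed accepts %d prefixes\n", count_accepted_prefixes(check_password_flawed, stored));
    printf("fixed accepts %d prefixes\n", count_accepted_prefixes(check_password_fixed, stored));
    return 0;
}
```

A prefix-acceptance count of zero is a useful unit test to keep alongside any credential comparison routine.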

Applicable Platforms

Not Language-Specific
