CWE-305 - Authentication Bypass by Primary Weakness

Home/CWEs/CWE info/

CWE-305

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Authentication Bypass by Primary Weakness

Description: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses: CWE-1390Weak Authentication

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

Download: CIS Critical Security Controls v8.1

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Common Alerts

LowX-AspNet-Version Response Header

LowBig Redirect Detected (Potential Sensitive Information Leak)

InformationalRetrieved from Cache

MediumHTTP to HTTPS Insecure Transition in Form Post

LowHash Disclosure - MD4 / MD5

MediumReferer Exposes Session ID

MediumPotential IP Addresses Found in the Viewstate

InformationalInformation Disclosure - Information in Browser sessionStorage

InformationalSec-Fetch-Site Header Has an Invalid Value

LowPrivate IP Disclosure via WebSocket

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Top CWE List

CWE-328 Use of Weak Hash

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-15 External Control of System or Configuration Setting

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-250 Execution with Unnecessary Privileges

CWE-384 Session Fixation

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.