CWE-305
Authentication Bypass by Primary Weakness
Base
What it is
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Impact
| Scope | Impact |
|---|---|
| Access Control | Bypass Protection Mechanism |
Real-world CVE examples
- CVE-2002-1374 — The provided password is only compared against the first character of the real password.
- CVE-2000-0979 — The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of t
- CVE-2001-0088 — Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily gu
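The CVE descriptions above share one pattern: the password check covers less than the whole stored value. The following is an added example, not code from MITRE or from any of the affected products. It assumes the comparison length is taken from the supplied input, which is one way such a check ends up weak; the function names and the sample password are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Weak form: the number of bytes compared is chosen by the caller's input,
   so any prefix of the stored value (one byte, or none at all) is accepted. */
int check_password_weak(const char *stored, const char *supplied)
{
    return strncmp(stored, supplied, strlen(supplied)) == 0;
}

/* Corrected form: the stored value sets the comparison length, the lengths
   must match, and an empty (unset) stored credential never authenticates.
   The loop always walks the whole stored value so timing does not depend on
   where the first mismatch is. Production systems compare salted password
   hashes; plaintext is used here only to keep the comparison visible. */
int check_password_fixed(const char *stored, const char *supplied)
{
    size_t n = strlen(stored);
    size_t m = strlen(supplied);
    unsigned char diff = (unsigned char)(n != m);

    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char s = (i < m) ? (unsigned char)supplied[i] : 0;
        diff |= (unsigned char)((unsigned char)stored[i] ^ s);
    }
    return diff == 0;
}

int main(void)
{
    const char *stored = "s3cret-pass";   /* constructed sample value */
    const char *tries[] = { "s", "", "s3cret-pass", "s3cret-pass!" };

    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("supplied=\"%s\" weak=%d fixed=%d\n", tries[i],
               check_password_weak(stored, tries[i]),
               check_password_fixed(stored, tries[i]));
    return 0;
}
```

A regression test for this weakness should include the one-byte and empty inputs, since both pass the weak check and are rejected by the corrected one.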
Source: MITRE CWE. View on cwe.mitre.org →