Description
The product implements an authentication technique, but it skips a step that weakens the technique.
Extended Description
Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.
CVE vulnerabilities with CWE-304 (34)
9.8
CVSS
CRITICAL
CVE-2024-8954
pub. 2025-03-20
9.8
CVSS
CRITICAL
CVE-2024-2172
pub. 2024-03-13
9.8
CVSS
CRITICAL
CVE-2022-2302
pub. 2022-07-11
9.6
CVSS
CRITICAL
CVE-2026-44547
pub. 2026-05-12
9.0
CVSS
CRITICAL
CVE-2024-45764
pub. 2024-11-08
8.8
CVSS
HIGH
CVE-2024-12048
pub. 2025-03-20
8.8
CVSS
HIGH
CVE-2022-40622
pub. 2022-09-13
8.7
CVSS
HIGH
CVE-2019-16766
pub. 2019-11-29
8.1
CVSS
HIGH
CVE-2026-42452
pub. 2026-05-08
8.1
CVSS
HIGH
CVE-2025-24322
pub. 2025-08-20
8.1
CVSS
HIGH
CVE-2024-9216
pub. 2025-03-20
8.1
CVSS
HIGH
CVE-2022-1065
pub. 2022-04-19
8.0
CVSS
HIGH
CVE-2026-30831
pub. 2026-03-06
8.0
CVSS
HIGH
CVE-2024-11302
pub. 2025-03-20
7.6
CVSS
HIGH
CVE-2023-22833
pub. 2023-06-06
7.5
CVSS
HIGH
CVE-2024-20153
pub. 2025-01-06
7.5
CVSS
HIGH
CVE-2022-2821
pub. 2022-08-15
7.4
CVSS
HIGH
CVE-2025-55138
pub. 2025-08-07
7.4
CVSS
HIGH
CVE-2023-52424
pub. 2024-05-17
7.3
CVSS
HIGH
CVE-2026-55957
pub. 2026-06-29
Showing 20 of 34 vulnerabilities