CVEbaza.plSłownik CWECWE-289
Common Weakness Enumeration

CWE-289

Authentication Bypass by Alternate Name

Kategoria: BaseCVE: 33
Opis

Produkt wykonuje uwierzytelnianie na podstawie nazwy zasobu, do którego uzyskiwany jest dostęp, lub nazwy podmiotu wykonującego dostęp, ale nie sprawdza prawidłowo wszystkich możliwych nazw tego zasobu lub podmiotu. Może to pozwolić atakującemu na obejście kontroli bezpieczeństwa poprzez użycie alternatywnych nazw lub reprezentacji tego samego zasobu.

Description (EN)

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Podatności CVE z CWE-289 (33)
9.8
CVSS
CRITICAL
CVE-2025-13613

Plugin Elated Membership dla WordPress w wersjach do 1.2 włącznie zawiera krytyczną lukę Authentication Bypass umożliwiającą nieuwierzytelnionym atakującym zalogowanie się na konta administratorów. Podatność jest szczególnie niebezpieczna, ponieważ nie wymaga żadnych uprawnień ani interakcji użytkownika.

pub. 2025-12-10
9.8
CVSS
CRITICAL
CVE-2023-1803

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

pub. 2023-04-14
9.8
CVSS
CRITICAL
CVE-2021-34746

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

pub. 2021-09-02
9.6
CVSS
CRITICAL
CVE-2025-29266

Podatność w Unraid 7.0.0 umożliwia zdalnym użytkownikom dostęp do panelu WebGUI oraz konsoli webowej z uprawnieniami root bez jakiegokolwiek uwierzytelnienia. Warunkiem wykorzystania jest uruchomienie kontenera w trybie sieciowym Host z włączoną opcją Use Tailscale.

pub. 2025-03-31
9.3
CVSS
CRITICAL
CVE-2024-56511

W narzędziu DataEase (do wizualizacji danych) wykryto poważną lukę w mechanizmie uwierzytelnienia klasy TokenFilter, która umożliwia nieautoryzowany dostęp do chronionych zasobów. Podatność jest szczególnie groźna, gdyż nie wymaga żadnych uprawnień ani interakcji użytkownika.

pub. 2025-01-10
9.1
CVSS
CRITICAL
CVE-2026-50627

Klasa JwtAccessTokenValidator w Apache CXF nie weryfikuje roszczenia 'aud' (Audience) w przychodzących tokenach JWT. Umożliwia to atakującemu ponowne użycie tokenu wydanego dla jednego serwera zasobów przeciwko innemu, co prowadzi do ataków typu Token Confusion/Routing.

pub. 2026-06-12
9.1
CVSS
CRITICAL
CVE-2025-55130

Podatność w modelu uprawnień Node.js umożliwia atakującemu obejście restrykcji `--allow-fs-read` i `--allow-fs-write` przy użyciu spreparowanych ścieżek względnych z dowiązaniami symbolicznymi. Skutkuje to możliwością odczytu i zapisu dowolnych plików poza dozwolonym katalogiem, co może prowadzić do kompromitacji systemu.

pub. 2026-01-20
8.8
CVSS
HIGH
CVE-2023-20046

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.

pub. 2023-05-09
8.8
CVSS
HIGH
CVE-2017-16590

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099.

pub. 2018-01-23
8.6
CVSS
HIGH
CVE-2026-44492

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0.

pub. 2026-06-11
8.3
CVSS
HIGH
CVE-2026-32036

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.

pub. 2026-03-19
8.2
CVSS
HIGH
CVE-2026-56091

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://www.cve.org/CVERecord?id=CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the `shiro-guice` module instead of the `shiro-spring` module. This issue affects all Apache Shiro versions through 2.x, and 3.0.0-alpha-1 only when using `shiro-guice` module in a web servlet context. Upgrade to version 3.0.0 or later, which fixes the issue.

pub. 2026-06-25
8.1
CVSS
HIGH
CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user (including admin) by "offering" the victim's public key during the SSH handshake before authenticating with their own valid key. This occurs because the user identity is stored in the session context during the "offer" phase and is not cleared if that specific authentication attempt fails. This issue has been fixed in version 0.11.3.

pub. 2026-01-22
8.1
CVSS
HIGH
CVE-2024-55634

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

pub. 2024-12-10
7.8
CVSS
HIGH
CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact, case-sensitive lookup on the SNI value, which fails to match wildcard host patterns (e.g., *.example.com) or case variants of the configured hostname. Because the handshake falls back to the default TLS configuration — which may not require client certificates — a client can complete the QUIC handshake without presenting a certificate, while the subsequent HTTP routing layer still dispatches the request to a backend protected by a router-specific mTLS policy. The issue affects deployments where HTTP/3 is enabled, a router uses a wildcard Host rule or case-insensitive hostname matching, a router-specific TLSOptions enforces client certificate authentication, and UDP access to the entrypoint is reachable by an attacker. This vulnerability is fixed in 3.7.3.

pub. 2026-06-23
7.8
CVSS
HIGH
CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names (e.g., X-Forwarded-Proto) and does not strip or normalize alias variants that use underscores instead of dashes (e.g., X_Forwarded_Proto). These unsanitized alias headers are forwarded intact to the authentication backend. When the backend normalizes underscore and dash header forms equivalently, an attacker can inject spoofed trust context — such as a trusted scheme or host — through the alias headers and bypass authentication on protected routes without valid credentials. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

pub. 2026-04-30
7.8
CVSS
HIGH
CVE-2025-64343

(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0.

pub. 2025-11-07
7.5
CVSS
HIGH
CVE-2025-41248

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 .

pub. 2025-09-16
7.5
CVSS
HIGH
CVE-2024-11283

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.

pub. 2025-03-14
7.5
CVSS
HIGH
CVE-2024-51996

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.

pub. 2024-11-13
Pokazano 20 z 33 podatności
Informacje
ID: CWE-289
Typ: Base
Podatności: 33
MITRE CWE ↗
← Słownik CWE