CVEbaza.plSłownik CWECWE-304
Common Weakness Enumeration

CWE-304

Missing Critical Step in Authentication

Kategoria: BaseCVE: 34
Opis

Produkt implementuje technikę uwierzytelniania, ale pomija krok, który osłabia tę technikę. Pominięcie tego kroku prowadzi do znacznego obniżenia bezpieczeństwa procesu uwierzytelniania.

Description (EN)

The product implements an authentication technique, but it skips a step that weakens the technique.

Podatności CVE z CWE-304 (34)
9.8
CVSS
CRITICAL
CVE-2024-8954

Composio w wersji 0.5.10 nie weryfikuje wartości nagłówka `x-api-key` podczas uwierzytelniania, co umożliwia całkowite ominięcie mechanizmu ochrony dostępu. Podatność jest krytyczna, ponieważ nie wymaga żadnych uprawnień ani interakcji użytkownika i jest dostępna zdalnie przez sieć.

pub. 2025-03-20
9.8
CVSS
CRITICAL
CVE-2024-2172

Pluginy Malware Scanner oraz Web Application Firewall firmy MiniOrange dla WordPress zawierają krytyczną podatność umożliwiającą nieuwierzytelnionemu atakującemu uzyskanie uprawnień administratora. Brak sprawdzania uprawnień w funkcji mo_wpns_init() czyni tę podatność szczególnie niebezpieczną, gdyż nie wymaga żadnego uwierzytelnienia.

pub. 2024-03-13
9.8
CVSS
CRITICAL
CVE-2022-2302

Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.

pub. 2022-07-11
9.6
CVSS
CRITICAL
CVE-2026-44547

ChurchCRM w wersjach 7.2.0–7.2.2 pozostaje podatne na obejście uwierzytelnienia (Auth Bypass) z powodu niekompletnej poprawki dla CVE-2026-4058. Podatność ma ocenę CVSS 9.6 i jest aktywnie exploitowalna przy użyciu publicznie dostępnego PoC.

pub. 2026-05-12
9.0
CVSS
CRITICAL
CVE-2024-45764

Dell Enterprise SONiC OS w wersjach 4.1.x oraz 4.2.x zawiera podatność polegającą na pominięciu krytycznego kroku w procesie uwierzytelnienia (CWE-304). Nieuwierzytelniony atakujący z dostępem sieciowym może ominąć mechanizmy ochronne systemu bez podawania jakichkolwiek danych uwierzytelniających.

pub. 2024-11-08
8.8
CVSS
HIGH
CVE-2024-12048

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.

pub. 2025-03-20
8.8
CVSS
HIGH
CVE-2022-40622

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.

pub. 2022-09-13
8.7
CVSS
HIGH
CVE-2019-16766

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.

pub. 2019-11-29
8.1
CVSS
HIGH
CVE-2026-42452

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

pub. 2026-05-08
8.1
CVSS
HIGH
CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

pub. 2025-08-20
8.1
CVSS
HIGH
CVE-2024-9216

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass another user's username to the get_model function, thereby gaining unauthorized access to that user's chat history.

pub. 2025-03-20
8.1
CVSS
HIGH
CVE-2022-1065

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions.

pub. 2022-04-19
8.0
CVSS
HIGH
CVE-2026-30831

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP Streamer does not enforce Two-Factor Authentication (2FA) or validate user account status (deactivated users can still login), despite these checks being mandatory in the standard Meteor login flow. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.

pub. 2026-03-06
8.0
CVSS
HIGH
CVE-2024-11302

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.

pub. 2025-03-20
7.6
CVSS
HIGH
CVE-2023-22833

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

pub. 2023-06-06
7.5
CVSS
HIGH
CVE-2024-20153

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.

pub. 2025-01-06
7.5
CVSS
HIGH
CVE-2022-2821

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

pub. 2022-08-15
7.4
CVSS
HIGH
CVE-2025-55138

LinkJoin through 882f196 mishandles token ownership in password reset.

pub. 2025-08-07
7.4
CVSS
HIGH
CVE-2023-52424

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.

pub. 2024-05-17
7.3
CVSS
HIGH
CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1 through 10.1.36, from 9.0.0.M1 through 9.0.100, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.5, 10.1.37 or 9.0.101, which fixes the issue.

pub. 2026-06-29
Pokazano 20 z 34 podatności
Informacje
ID: CWE-304
Typ: Base
Podatności: 34
MITRE CWE ↗
← Słownik CWE