CWE-303
AllowedIncorrect Implementation of Authentication Algorithm
Abstraction: Base · Status: Draft
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
153 vulnerabilities reference this CWE, most recent first.
CVE-2026-29515 (GCVE-0-2026-29515)
Vulnerability from cvelistv5 – Published: 2026-03-11 03:23 – Updated: 2026-07-14 18:39 Unsupported When Assigned- CWE-303 - Incorrect implementation of authentication algorithm
| URL | Tags |
|---|---|
| https://github.com/MiCode/FileExplorer | product |
| https://www.vulncheck.com/advisories/micode-filee… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| MiCode | FileExplorer |
Affected:
0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T15:38:06.818186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:39:47.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "net.micode.fileexplorer",
"packageURL": "pkg:github/MiCode/FileExplorer",
"product": "FileExplorer",
"repo": "https://github.com/MiCode/FileExplorer",
"vendor": "MiCode",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "XavLimSG"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status."
}
],
"value": "MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect implementation of authentication algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T18:39:55.317Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/MiCode/FileExplorer"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "MiCode FileExplorer SwiFTP Server Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-29515",
"datePublished": "2026-03-11T03:23:00.932Z",
"dateReserved": "2026-03-04T15:39:26.872Z",
"dateUpdated": "2026-07-14T18:39:55.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27656 (GCVE-0-2026-27656)
Vulnerability from cvelistv5 – Published: 2026-03-25 16:28 – Updated: 2026-03-26 13:19- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.4.0 , ≤ 11.4.0
(semver)
Affected: 11.3.0 , ≤ 11.3.1 (semver) Affected: 11.2.0 , ≤ 11.2.3 (semver) Affected: 10.11.0 , ≤ 10.11.11 (semver) Unaffected: 11.5.0 Unaffected: 11.4.1 Unaffected: 11.3.2 Unaffected: 11.2.4 Unaffected: 10.11.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T03:55:33.452102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T13:19:52.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.4.0",
"status": "affected",
"version": "11.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.3.1",
"status": "affected",
"version": "11.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.2.3",
"status": "affected",
"version": "11.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.11",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.5.0"
},
{
"status": "unaffected",
"version": "11.4.1"
},
{
"status": "unaffected",
"version": "11.3.2"
},
{
"status": "unaffected",
"version": "11.2.4"
},
{
"status": "unaffected",
"version": "10.11.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christopher Poile"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.4.x \u003c= 11.4.0, 11.3.x \u003c= 11.3.1, 11.2.x \u003c= 11.2.3, 10.11.x \u003c= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user discovery flow.. Mattermost Advisory ID: MMSA-2026-00590"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:28:29.739Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00590",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.5.0, 11.4.1, 11.3.2, 11.2.4, 10.11.12 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00590",
"defect": [
"https://mattermost.atlassian.net/browse/MM-67181"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Account Takeover via Substring Matching in OpenID Connect Authentication",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-27656",
"datePublished": "2026-03-25T16:28:29.739Z",
"dateReserved": "2026-02-23T22:07:32.808Z",
"dateUpdated": "2026-03-26T13:19:52.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8922 (GCVE-0-2026-8922)
Vulnerability from cvelistv5 – Published: 2026-05-19 06:27 – Updated: 2026-06-26 06:46- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25097 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25098 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30049 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30050 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-8922 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2479586 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4.13-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-19 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4.13 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.6 |
Unaffected:
26.6.3-3 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.6::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.6 |
Unaffected:
26.6-6 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.6::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.6.3 |
cpe:/a:redhat:build_keycloak:26.6::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T12:53:15.432674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:41:56.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.13-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4.13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.6::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.6",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.6.3-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.6::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.6",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.6::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.6",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.6-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.6::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.6.3",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joy Gilbert and Reynaldo Immanuel for reporting this issue."
}
],
"datePublic": "2026-05-19T06:22:56.138Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak\u0027s OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T06:46:19.583Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:25097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25097"
},
{
"name": "RHSA-2026:25098",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25098"
},
{
"name": "RHSA-2026:30049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30049"
},
{
"name": "RHSA-2026:30050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-8922"
},
{
"name": "RHBZ#2479586",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479586"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-18T14:50:44.323Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-19T06:22:56.138Z",
"value": "Made public."
}
],
"title": "Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-303: Incorrect Implementation of Authentication Algorithm"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-8922",
"datePublished": "2026-05-19T06:27:35.781Z",
"dateReserved": "2026-05-19T06:07:42.943Z",
"dateUpdated": "2026-06-26T06:46:19.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0999 (GCVE-0-2026-0999)
Vulnerability from cvelistv5 – Published: 2026-02-16 09:47 – Updated: 2026-02-17 16:53- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.1.0 , ≤ 11.1.2
(semver)
Affected: 10.11.0 , ≤ 10.11.9 (semver) Affected: 11.2.0 , ≤ 11.2.1 (semver) Unaffected: 11.3.0 Unaffected: 11.1.3 Unaffected: 10.11.10 Unaffected: 11.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T16:52:58.796354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T16:53:07.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.9",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.2.1",
"status": "affected",
"version": "11.2.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.3.0"
},
{
"status": "unaffected",
"version": "11.1.3"
},
{
"status": "unaffected",
"version": "10.11.10"
},
{
"status": "unaffected",
"version": "11.2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.1.x \u003c= 11.1.2, 10.11.x \u003c= 10.11.9, 11.2.x \u003c= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T09:47:45.960Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2025-00548",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.3.0, 11.1.3, 10.11.10, 11.2.2 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00548",
"defect": [
"https://mattermost.atlassian.net/browse/MM-66415"
],
"discovery": "EXTERNAL"
},
"title": "Authentication bypass via userID login when email and username login are disabled"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-0999",
"datePublished": "2026-02-16T09:47:45.960Z",
"dateReserved": "2026-01-15T15:59:41.357Z",
"dateUpdated": "2026-02-17T16:53:07.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66489 (GCVE-0-2025-66489)
Vulnerability from cvelistv5 – Published: 2025-12-03 19:44 – Updated: 2025-12-03 21:48- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://github.com/calcom/cal.com/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:48:18.299562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:48:27.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cal.com",
"vendor": "calcom",
"versions": [
{
"status": "affected",
"version": "\u003c 5.9.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:44:35.303Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/calcom/cal.com/security/advisories/GHSA-9r3w-4j8q-pw98",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/calcom/cal.com/security/advisories/GHSA-9r3w-4j8q-pw98"
}
],
"source": {
"advisory": "GHSA-9r3w-4j8q-pw98",
"discovery": "UNKNOWN"
},
"title": "Cal.com Authentication Bypass via bad TOTP + password checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66489",
"datePublished": "2025-12-03T19:44:35.303Z",
"dateReserved": "2025-12-02T22:44:04.707Z",
"dateUpdated": "2025-12-03T21:48:27.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61783 (GCVE-0-2025-61783)
Vulnerability from cvelistv5 – Published: 2025-10-09 20:57 – Updated: 2025-10-15 19:49- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://github.com/python-social-auth/social-app-… | x_refsource_CONFIRM |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| python-social-auth | social-app-django |
Affected:
< 5.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T19:49:15.864104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T19:49:22.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/634"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/231"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/220"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "social-app-django",
"vendor": "python-social-auth",
"versions": [
{
"status": "affected",
"version": "\u003c 5.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn\u0027t require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T20:57:20.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg"
},
{
"name": "https://github.com/python-social-auth/social-app-django/issues/220",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/220"
},
{
"name": "https://github.com/python-social-auth/social-app-django/issues/231",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/231"
},
{
"name": "https://github.com/python-social-auth/social-app-django/issues/634",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/issues/634"
},
{
"name": "https://github.com/python-social-auth/social-app-django/pull/803",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/pull/803"
},
{
"name": "https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c"
}
],
"source": {
"advisory": "GHSA-wv4w-6qv2-qqfg",
"discovery": "UNKNOWN"
},
"title": "Python Social Auth - Django has unsafe account association"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61783",
"datePublished": "2025-10-09T20:57:20.734Z",
"dateReserved": "2025-09-30T19:43:49.902Z",
"dateUpdated": "2025-10-15T19:49:22.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57808 (GCVE-0-2025-57808)
Vulnerability from cvelistv5 – Published: 2025-09-02 00:26 – Updated: 2025-09-02 14:03- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://github.com/esphome/esphome/security/advis… | x_refsource_CONFIRM |
| https://github.com/esphome/esphome/commit/2aceb56… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:03:56.354112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T14:03:58.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esphome",
"vendor": "esphome",
"versions": [
{
"status": "affected",
"version": "= 2025.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome\u0027s web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T00:26:09.017Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635"
},
{
"name": "https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5"
}
],
"source": {
"advisory": "GHSA-mxh2-ccgj-8635",
"discovery": "UNKNOWN"
},
"title": "ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57808",
"datePublished": "2025-09-02T00:26:09.017Z",
"dateReserved": "2025-08-20T14:30:35.010Z",
"dateUpdated": "2025-09-02T14:03:58.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53782 (GCVE-0-2025-53782)
Vulnerability from cvelistv5 – Published: 2025-10-14 17:00 – Updated: 2026-02-22 17:24- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0.0 , < 15.01.2507.061
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 14 |
Affected:
15.02.0.0 , < 15.02.1544.036
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 15 |
Affected:
15.02.0.0 , < 15.02.1748.039
(custom)
|
|
| Microsoft | Microsoft Exchange Server Subscription Edition RTM |
Affected:
15.02.0.0 , < 15.02.2562.029
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T15:57:51.233371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:05:04.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.061",
"status": "affected",
"version": "15.01.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1544.036",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1748.039",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server Subscription Edition RTM",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.2562.029",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_15:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1748.039",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_14:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1544.036",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_se:*:RTM:*:*:*:*:*:*",
"versionEndExcluding": "15.02.2562.029",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2016:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.061",
"versionStartIncluding": "15.01.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-22T17:24:09.972Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53782"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-53782",
"datePublished": "2025-10-14T17:00:08.402Z",
"dateReserved": "2025-07-09T13:25:25.502Z",
"dateUpdated": "2026-02-22T17:24:09.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48994 (GCVE-0-2025-48994)
Vulnerability from cvelistv5 – Published: 2025-06-02 16:22 – Updated: 2025-06-02 16:30- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://github.com/XML-Security/signxml/security/… | x_refsource_CONFIRM |
| https://github.com/XML-Security/signxml/commit/e3… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| XML-Security | signxml |
Affected:
< 4.0.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T16:30:36.729167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:30:51.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "signxml",
"vendor": "XML-Security",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:22:08.966Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4"
},
{
"name": "https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600"
}
],
"source": {
"advisory": "GHSA-6vx8-pcwv-xhf4",
"discovery": "UNKNOWN"
},
"title": "SignXML\u0027s signature verification with HMAC is vulnerable to an algorithm confusion attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48994",
"datePublished": "2025-06-02T16:22:08.966Z",
"dateReserved": "2025-05-29T16:34:07.174Z",
"dateUpdated": "2025-06-02T16:30:51.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43856 (GCVE-0-2025-43856)
Vulnerability from cvelistv5 – Published: 2025-07-11 17:10 – Updated: 2025-07-11 18:13- CWE-303 - Incorrect Implementation of Authentication Algorithm
| URL | Tags |
|---|---|
| https://github.com/immich-app/immich/security/adv… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| immich-app | immich |
Affected:
< 1.132.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43856",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T18:12:48.333486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:13:00.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "immich",
"vendor": "immich-app",
"versions": [
{
"status": "affected",
"version": "\u003c 1.132.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow this unpredictable token is generated and somehow saved in the browser session and passed to the identity provider, which will return the state parameter when redirecting the user back to immich. Before the user is logged in that parameter needs to be verified to make sure the login was actively initiated by the user in this browser session. On it\u0027s own, this wouldn\u0027t be too bad, but when immich uses the /user-settings page as a redirect_uri, it will automatically link the accounts if the user was already logged in. This means that if someone has an immich instance with a public oauth provider (like google), an attacker can - for example - embed a hidden iframe in a webpage or even just send the victim a forged oauth login url with a code that logs the victim into the attackers oauth account and redirects back to immich and links the accounts. After this, the attacker can log into the victims account using their own oauth credentials. This vulnerability is fixed in 1.132.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:10:52.423Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/immich-app/immich/security/advisories/GHSA-3832-6r8h-9cfm"
}
],
"source": {
"advisory": "GHSA-3832-6r8h-9cfm",
"discovery": "UNKNOWN"
},
"title": "immich allows account hijacking through oauth2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-43856",
"datePublished": "2025-07-11T17:10:52.423Z",
"dateReserved": "2025-04-17T20:07:08.555Z",
"dateUpdated": "2025-07-11T18:13:00.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-90: Reflection Attack in Authentication Protocol
An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.