Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

GHSA-65MJ-7C86-79JF

Vulnerability from github – Published: 2022-01-27 15:23 – Updated: 2022-02-07 22:34
VLAI
Summary
Authentication Bypass in ADOdb/ADOdb
Details

Impact

An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes.

Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc.

Patches

The vulnerability is fixed in ADOdb versions 5.20.21 (952de6c4273d9b1e91c2b838044f8c2111150c29) and 5.21.4 or later (b4d5ce70034c5aac3a1d51d317d93c037a0938d2).

The simplest patch is to delete line 29 in drivers/adodb-postgres64.inc.php:

diff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php
index d04b7f67..729d7141 100644
--- a/drivers/adodb-postgres64.inc.php
+++ b/drivers/adodb-postgres64.inc.php
@@ -26,7 +26,6 @@ function adodb_addslashes($s)
 {
    $len = strlen($s);
    if ($len == 0) return "''";
-   if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted

    return "'".addslashes($s)."'";
 }

Workarounds

Ensure the parameters passed to ADOConnection::connect() or related functions (nConnect(), pConnect()) are not surrounded by single quotes.

Credits

Thanks to Emmet Leahy (@meme-lord) of Sorcery Ltd for reporting this vulnerability, and to the huntr team for their support.

References

  • Original issue report https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
  • ADOdb reference issue #793

For more information

If you have any questions or comments about this advisory: * Add a note in issue #793 * Contact the maintainers on Gitter

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.20.20"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "adodb/adodb-php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.20.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.21.3"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "adodb/adodb-php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.21.0"
            },
            {
              "fixed": "5.21.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3850"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-24T22:39:29Z",
    "nvd_published_at": "2022-01-25T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nAn attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes.\n\nDepending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server\u0027s IP address, etc.\n\n### Patches\n\nThe vulnerability is fixed in ADOdb versions 5.20.21 (952de6c4273d9b1e91c2b838044f8c2111150c29) and 5.21.4 or later (b4d5ce70034c5aac3a1d51d317d93c037a0938d2).\n\nThe simplest patch is to delete line 29 in `drivers/adodb-postgres64.inc.php`:\n\n```php\ndiff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php\nindex d04b7f67..729d7141 100644\n--- a/drivers/adodb-postgres64.inc.php\n+++ b/drivers/adodb-postgres64.inc.php\n@@ -26,7 +26,6 @@ function adodb_addslashes($s)\n {\n    $len = strlen($s);\n    if ($len == 0) return \"\u0027\u0027\";\n-   if (strncmp($s,\"\u0027\",1) === 0 \u0026\u0026 substr($s,$len-1) == \"\u0027\") return $s; // already quoted\n \n    return \"\u0027\".addslashes($s).\"\u0027\";\n }\n```\n\n### Workarounds\n\nEnsure the parameters passed to *ADOConnection::connect()* or related functions (_nConnect()_, _pConnect()_) are not surrounded by single quotes.\n\n### Credits\n\nThanks to **Emmet Leahy** (@meme-lord) of Sorcery Ltd for reporting this vulnerability, and to the [huntr](https://huntr.dev/) team for their support.\n\n### References\n\n- Original issue report https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/\n- ADOdb reference issue #793 \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Add a note in issue #793\n* Contact the maintainers on [Gitter](https://gitter.im/adodb/adodb)\n",
  "id": "GHSA-65mj-7c86-79jf",
  "modified": "2022-02-07T22:34:28Z",
  "published": "2022-01-27T15:23:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3850"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ADOdb/ADOdb/issues/793"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ADOdb/ADOdb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ADOdb/ADOdb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ADOdb/ADOdb"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5101"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Authentication Bypass in ADOdb/ADOdb"
}

GHSA-662C-CJ8Q-QC4G

Vulnerability from github – Published: 2024-08-08 12:30 – Updated: 2024-08-08 12:30
VLAI
Details

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.",
  "id": "GHSA-662c-cj8q-qc4g",
  "modified": "2024-08-08T12:30:34Z",
  "published": "2024-08-08T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4784"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2486223"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/461248"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-665G-QF3W-4VF7

Vulnerability from github – Published: 2026-07-03 09:31 – Updated: 2026-07-03 09:31
VLAI
Details

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35159"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T09:16:36Z",
    "severity": "MODERATE"
  },
  "details": "Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.",
  "id": "GHSA-665g-qf3w-4vf7",
  "modified": "2026-07-03T09:31:29Z",
  "published": "2026-07-03T09:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35159"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000452197/dsa-2026-195"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6H38-5XH4-GHC6

Vulnerability from github – Published: 2024-10-28 15:31 – Updated: 2026-04-23 15:32
VLAI
Details

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T13:15:05Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.",
  "id": "GHSA-6h38-5xh4-ghc6",
  "modified": "2026-04-23T15:32:45Z",
  "published": "2024-10-28T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50478"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/swoop-password-free-authentication/vulnerability/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/swoop-password-free-authentication/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6H3W-2XH7-WR95

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors.

This issue affects :

  • Devolutions Server 2026.1.6.0 through 2026.1.16.0
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-22T16:16:23Z",
    "severity": "HIGH"
  },
  "details": "Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user\u0027s password to bypass the user\u0027s multi-factor authentication after the user reconfigures their factors.\n\nThis issue affects :\n\n  *  Devolutions Server 2026.1.6.0 through 2026.1.16.0",
  "id": "GHSA-6h3w-2xh7-wr95",
  "modified": "2026-05-26T13:30:19Z",
  "published": "2026-05-26T13:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9047"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2026-0013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HQG-WJ7G-983R

Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-06-30 03:36
VLAI
Details

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a victim's account or gain unauthorized access to other accounts, including administrative accounts, by manipulating the IDP-provided email.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T14:16:35Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a victim\u0027s account or gain unauthorized access to other accounts, including administrative accounts, by manipulating the IDP-provided email.",
  "id": "GHSA-6hqg-wj7g-983r",
  "modified": "2026-06-30T03:36:29Z",
  "published": "2026-05-04T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6266"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13508"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13512"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13545"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6266"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458142"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6266.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6J5C-GC78-PQGR

Vulnerability from github – Published: 2025-10-20 15:30 – Updated: 2025-10-20 18:30
VLAI
Details

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305",
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-20T13:15:44Z",
    "severity": "MODERATE"
  },
  "details": "A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.",
  "id": "GHSA-6j5c-gc78-pqgr",
  "modified": "2025-10-20T18:30:32Z",
  "published": "2025-10-20T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56224"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saykino/CVE-2025-56224"
    },
    {
      "type": "WEB",
      "url": "http://ascertia.com"
    },
    {
      "type": "WEB",
      "url": "http://signinghub.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6P47-2PGH-WJ76

Vulnerability from github – Published: 2025-05-08 12:34 – Updated: 2025-05-14 12:31
VLAI
Details

Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T10:15:18Z",
    "severity": "HIGH"
  },
  "details": "Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2",
  "id": "GHSA-6p47-2pgh-wj76",
  "modified": "2025-05-14T12:31:11Z",
  "published": "2025-05-08T12:34:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41450"
    },
    {
      "type": "WEB",
      "url": "https://sm800a.danfoss.com/sw_shared/SM800A-4.2.4.spk"
    },
    {
      "type": "WEB",
      "url": "https://www.danfoss.com/en/service-and-support/coordinated-vulnerability-disclosure/danfoss-security-advisories/dsa-2025-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W6J-7XVM-32V2

Vulnerability from github – Published: 2026-01-23 15:31 – Updated: 2026-06-05 18:31
VLAI
Details

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T13:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-6w6j-7xvm-32v2",
  "modified": "2026-06-05T18:31:31Z",
  "published": "2026-01-23T15:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4320"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-26-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-73VG-MQ6J-X5W2

Vulnerability from github – Published: 2026-01-22 21:33 – Updated: 2026-01-22 21:33
VLAI
Details

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T19:15:53Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Palantir\u0027s Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.",
  "id": "GHSA-73vg-mq6j-x5w2",
  "modified": "2026-01-22T21:33:47Z",
  "published": "2026-01-22T21:33:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68609"
    },
    {
      "type": "WEB",
      "url": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.