CWE-305 使用基本弱点进行的认证绕过
Authentication Bypass by Primary Weakness
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-1374 | The provided password is only compared against the first character of the real password. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374 |
| CVE-2000-0979 | The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979 |
| CVE-2001-0088 | Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0088 |
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Authentication Bypass by Primary Weakness |