CWE-305: Authentication Bypass by Primary Weakness
low-riskThe authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Abstraction: Base
Common Consequences
Access Control
→
Bypass Protection Mechanism
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-34124 | 9.8 | 91.3% | — |
| CVE-2025-31161 | 9.8 | 86.2% | Y |
| CVE-2023-0777 | 9.8 | 76.2% | — |
| CVE-2024-37085 | 6.8 | 71.9% | Y |
| CVE-2021-26102 | 9.8 | 60.8% | — |
| CVE-2020-10923 | 8.8 | 50.2% | — |
| CVE-2024-50478 | 9.8 | 41.0% | — |
| CVE-2022-2651 | 9.8 | 16.9% | — |
| CVE-2024-1403 | 10.0 | 16.2% | — |
| CVE-2024-20674 | 8.8 | 16.0% | — |
9
/ 100
low-risk
Active Threat
8/50 · Minimal
Exploit Availability
1/50 · Minimal