Weakness ID: 305
Abstraction: Base Status: Draft
authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Time of Introduction
Architecture and Design
Technical Impact: Bypass protection
The provided password is only compared against the
first character of the real password.
The password is not properly checked, which allows
remote attackers to bypass access controls by sending a 1-byte password that
matches the first character of the real password.
Chain: Forum software does not properly initialize
an array, which inadvertently sets the password to a single character,
allowing remote attackers to easily guess the password and gain
Most "authentication bypass" errors are resultant, not primary.
Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER Authentication Bypass by Primary Weakness
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Relationships, Relationship_Notes,
Taxonomy_Mappings 2008-11-24 CWE Content Team MITRE Internal updated Observed_Examples 2011-06-01 CWE Content Team MITRE Internal updated Common_Consequences 2012-05-11 CWE Content Team MITRE Internal updated Observed_Examples,
Relationships 2014-07-30 CWE Content Team MITRE Internal updated Relationships 2017-05-03 CWE Content Team MITRE Internal updated Relationships
More information is available — Please select a different filter.