Common Weakness Enumeration

CWE-303

Allowed

Incorrect Implementation of Authentication Algorithm

Abstraction: Base · Status: Draft

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

153 vulnerabilities reference this CWE, most recent first.

GHSA-R578-PJ6F-R4FF

Vulnerability from github – Published: 2021-06-21 17:07 – Updated: 2021-06-16 21:25
VLAI
Summary
Auto-merging Person Records Compromised
Details

Impact

New user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events).

Patches

We have released a security patch on v2.20.0. The solution was to create a duplicate person and then patch the new person with their profile details.

Workarounds

If you do not wish to upgrade your app to the new version, you can patch your server by overriding the create data source method on the People class.

  create = async (profile) => {
    const rockUpdateFields = this.mapApollosFieldsToRock(profile);
    // auto-merge functionality is compromised
    // we are creating a new user and patching them with profile details
    const id = await this.post('/People', {
      Gender: 0, // required by Rock. Listed first so it can be overridden.
      IsSystem: false, // required by rock
    });
    await this.patch(`/People/${id}`, {
      ...rockUpdateFields,
    });
    return id;
  };

For more information

If you have any questions or comments about this advisory: * Email us at support@apollos.app

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apollosproject/data-connector-rock"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-303"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-16T18:55:04Z",
    "nvd_published_at": "2021-06-16T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nNew user registrations are able to access anyone\u0027s account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events).\n\n### Patches\n\nWe have released a security patch on v2.20.0. The solution was to create a duplicate person and then patch the new person with their profile details.\n\n### Workarounds\n\nIf you do not wish to upgrade your app to the new version, you can patch your server by overriding the `create` data source method on the `People` class.\n\n```js\n  create = async (profile) =\u003e {\n    const rockUpdateFields = this.mapApollosFieldsToRock(profile);\n    // auto-merge functionality is compromised\n    // we are creating a new user and patching them with profile details\n    const id = await this.post(\u0027/People\u0027, {\n      Gender: 0, // required by Rock. Listed first so it can be overridden.\n      IsSystem: false, // required by rock\n    });\n    await this.patch(`/People/${id}`, {\n      ...rockUpdateFields,\n    });\n    return id;\n  };\n```\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [support@apollos.app](mailto:support@apollos.app)\n",
  "id": "GHSA-r578-pj6f-r4ff",
  "modified": "2021-06-16T21:25:21Z",
  "published": "2021-06-21T17:07:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ApollosProject/apollos-apps/security/advisories/GHSA-r578-pj6f-r4ff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32691"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ApollosProject/apollos-apps/commit/cb5f8f1c0b24f1b215b2bb5eb6f9a8e16d728ce2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ApollosProject/apollos-apps/releases/tag/v2.20.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Auto-merging Person Records Compromised"
}

GHSA-RC38-F4J6-JQ4F

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:36Z",
    "severity": "HIGH"
  },
  "details": "Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-rc38-f4j6-jq4f",
  "modified": "2026-07-14T18:32:17Z",
  "published": "2026-07-14T18:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50360"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCX9-38WQ-HX3H

Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31
VLAI
Details

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-303"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T15:15:18Z",
    "severity": "MODERATE"
  },
  "details": "An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.",
  "id": "GHSA-vcx9-38wq-hx3h",
  "modified": "2024-08-14T15:31:17Z",
  "published": "2024-08-14T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25157"
    },
    {
      "type": "WEB",
      "url": "https://www.fortra.com/security/advisories/product-security/fi-2024-009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJHP-527W-C5VJ

Vulnerability from github – Published: 2023-06-22 18:30 – Updated: 2024-04-04 05:01
VLAI
Details

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-303"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-22T17:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\n",
  "id": "GHSA-vjhp-527w-c5vj",
  "modified": "2024-04-04T05:01:18Z",
  "published": "2023-06-22T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3326"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230714-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9J2-M5WX-FQQ4

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-12 18:30
VLAI
Details

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:17:21Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira \u0026amp; Confluence allows an unauthorized attacker to elevate privileges over a network.",
  "id": "GHSA-w9j2-m5wx-fqq4",
  "modified": "2026-05-12T18:30:46Z",
  "published": "2026-05-12T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41103"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WCM6-243C-86F3

Vulnerability from github – Published: 2026-02-04 00:30 – Updated: 2026-07-10 15:31
VLAI
Details

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-37094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T22:16:25Z",
    "severity": "HIGH"
  },
  "details": "EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.",
  "id": "GHSA-wcm6-243c-86f3",
  "modified": "2026-07-10T15:31:34Z",
  "published": "2026-02-04T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37094"
    },
    {
      "type": "WEB",
      "url": "https://github.com/espocrm/espocrm/commit/b299220dd0c7acdaa1ed8be8ffd79c7985093c7a"
    },
    {
      "type": "WEB",
      "url": "https://www.espocrm.com"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/48376"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/espocrm-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/espocrm-two-factor-auth-bypass-via-auth-token-reuse-between-accounts-with-identical-passwords"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WHX2-QJXV-4VR9

Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30
VLAI
Details

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20910.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T02:15:27Z",
    "severity": "HIGH"
  },
  "details": "D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20910.",
  "id": "GHSA-whx2-qjxv-4vr9",
  "modified": "2024-05-03T03:30:51Z",
  "published": "2024-05-03T03:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34282"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-628"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WMPM-9R6P-RPWW

Vulnerability from github – Published: 2024-01-24 21:30 – Updated: 2025-06-20 21:31
VLAI
Details

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-24T19:15:08Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).",
  "id": "GHSA-wmpm-9r6p-rpww",
  "modified": "2025-06-20T21:31:54Z",
  "published": "2024-01-24T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42146"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2024/Jan/19"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WV4W-6QV2-QQFG

Vulnerability from github – Published: 2025-10-09 17:08 – Updated: 2025-10-13 15:40
VLAI
Summary
Python Social Auth - Django has unsafe account association
Details

Impact

Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses.

Patches

  • https://github.com/python-social-auth/social-app-django/pull/803

Workarounds

Review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "social-auth-app-django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-303"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-09T17:08:05Z",
    "nvd_published_at": "2025-10-09T21:15:40Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nUpon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn\u0027t require unique e-mail addresses.\n\n### Patches\n\n* https://github.com/python-social-auth/social-app-django/pull/803\n\n### Workarounds\n\nReview the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.",
  "id": "GHSA-wv4w-6qv2-qqfg",
  "modified": "2025-10-13T15:40:00Z",
  "published": "2025-10-09T17:08:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61783"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/issues/220"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/issues/231"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/issues/634"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/pull/803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/python-social-auth/social-app-django"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Social Auth - Django has unsafe account association "
}

GHSA-X527-X647-Q7GG

Vulnerability from github – Published: 2026-06-25 22:23 – Updated: 2026-07-10 12:31
VLAI
Summary
golang.org/x/crypto: Invoking VerifiedPublicKeyCallback permissions skip enforcement
Details

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-25T22:23:16Z",
    "nvd_published_at": "2026-05-22T04:16:25Z",
    "severity": "CRITICAL"
  },
  "details": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
  "id": "GHSA-x527-x647-q7gg",
  "modified": "2026-07-10T12:31:34Z",
  "published": "2026-06-25T22:23:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46595.json"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-5023"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/79570"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/781642"
    },
    {
      "type": "PACKAGE",
      "url": "https://cs.opensource.google/go/x/crypto"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-46595"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37387"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37275"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36820"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36808"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36797"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36796"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36651"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36648"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36207"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33531"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33524"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30651"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30650"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26547"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26546"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23264"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23262"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto: Invoking VerifiedPublicKeyCallback permissions skip enforcement"
}

No mitigation information available for this CWE.

CAPEC-90: Reflection Attack in Authentication Protocol

An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.