Common Weakness Enumeration

CWE-304

Allowed

Missing Critical Step in Authentication

Abstraction: Base · Status: Draft

The product implements an authentication technique, but it skips a step that weakens the technique.

60 vulnerabilities reference this CWE, most recent first.

CVE-2011-3172 (GCVE-0-2011-3172)

Vulnerability from cvelistv5 – Published: 2018-06-08 13:00 – Updated: 2024-09-17 04:28
VLAI
Title
unix2_chkpwd do not check for a valid account
Summary
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
CWE
Assigner
References
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Affected: unspecified , < 12 (custom)
Create a notification for this product.
Date Public
2011-08-31 00:00
Credits
Michael Calmer of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:22:27.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://build.opensuse.org/request/show/80346"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Linux Enterprise",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael Calmer of SUSE"
        }
      ],
      "datePublic": "2011-08-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-304",
              "description": "CWE-304",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:42.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://build.opensuse.org/request/show/80346"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
        }
      ],
      "source": {
        "defect": [
          "707645"
        ],
        "discovery": "INTERNAL"
      },
      "title": "unix2_chkpwd do not check for a valid account",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2011-08-31T00:00:00.000Z",
          "ID": "CVE-2011-3172",
          "STATE": "PUBLIC",
          "TITLE": "unix2_chkpwd do not check for a valid account"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SUSE Linux Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Michael Calmer of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-304"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://build.opensuse.org/request/show/80346",
              "refsource": "CONFIRM",
              "url": "https://build.opensuse.org/request/show/80346"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=707645",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=707645"
            }
          ]
        },
        "source": {
          "defect": [
            "707645"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2011-3172",
    "datePublished": "2018-06-08T13:00:00.000Z",
    "dateReserved": "2011-08-19T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:28:45.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-262P-FJ3F-XH7V

Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-30 03:37
VLAI
Details

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T13:16:35Z",
    "severity": "HIGH"
  },
  "details": "It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.",
  "id": "GHSA-262p-fj3f-xh7v",
  "modified": "2026-06-30T03:37:14Z",
  "published": "2026-06-26T15:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57915"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-57915"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493407"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/1y3glgh3kzwoxo5m2lq504cjlh1dsrfh"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57915.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/26/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G9R-W7MH-F2H2

Vulnerability from github – Published: 2025-06-06 06:30 – Updated: 2025-06-09 15:31
VLAI
Details

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-06T04:15:55Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-2g9r-w7mh-f2h2",
  "modified": "2025-06-09T15:31:38Z",
  "published": "2025-06-06T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5715"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.311236"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.311236"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.585069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2H9F-XM25-Q379

Vulnerability from github – Published: 2025-01-06 06:30 – Updated: 2025-01-06 15:30
VLAI
Details

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T04:15:07Z",
    "severity": "HIGH"
  },
  "details": "In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.",
  "id": "GHSA-2h9f-xm25-q379",
  "modified": "2025-01-06T15:30:59Z",
  "published": "2025-01-06T06:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20153"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3J5R-3852-J63V

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11302"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:25Z",
    "severity": "HIGH"
  },
  "details": "A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.",
  "id": "GHSA-3j5r-3852-j63v",
  "modified": "2025-03-20T12:32:42Z",
  "published": "2025-03-20T12:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11302"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/e341304b-4651-4de9-b7b9-b89aead3b46e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JRW-G6MQ-CX56

Vulnerability from github – Published: 2025-07-08 15:32 – Updated: 2025-07-08 15:32
VLAI
Details

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T15:15:22Z",
    "severity": "HIGH"
  },
  "details": "A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 \u0026 FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.",
  "id": "GHSA-3jrw-g6mq-cx56",
  "modified": "2025-07-08T15:32:03Z",
  "published": "2025-07-08T15:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52965"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3VXM-73WH-V829

Vulnerability from github – Published: 2025-08-07 17:34 – Updated: 2025-08-07 17:34
VLAI
Details

LinkJoin through 882f196 mishandles token ownership in password reset.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-07T17:15:30Z",
    "severity": "HIGH"
  },
  "details": "LinkJoin through 882f196 mishandles token ownership in password reset.",
  "id": "GHSA-3vxm-73wh-v829",
  "modified": "2025-08-07T17:34:43Z",
  "published": "2025-08-07T17:34:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Latkecrszy/linkjoin/pull/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M6J-23P2-8C54

Vulnerability from github – Published: 2024-02-26 20:04 – Updated: 2024-02-26 20:04
VLAI
Summary
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Details

Impact

The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.

Patches

The vulnerability has been patched in Armeria version 1.27.2. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Workarounds

There is no known workaround for this vulnerability.

References

SamlMessageUtil.validateSignature()

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.27.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.linecorp.armeria:armeria-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.27.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-26T20:04:37Z",
    "nvd_published_at": "2024-02-26T16:27:53Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.\n\n### Patches\n\nThe vulnerability has been patched in Armeria version 1.27.2. All users who rely on `armeria-saml` older than version 1.27.2 must upgrade to 1.27.2 or later.\n\n### Workarounds\n\nThere is no known workaround for this vulnerability.\n\n### References\n\n[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)",
  "id": "GHSA-4m6j-23p2-8c54",
  "modified": "2024-02-26T20:04:37Z",
  "published": "2024-02-26T20:04:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/commit/b2aa9f49b46a7b0e03d8b8d753809cd1e8e2016c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/line/armeria"
    },
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163"
    },
    {
      "type": "WEB",
      "url": "https://github.com/line/armeria/releases/tag/armeria-1.27.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Armeria SAML authentication bypass due to missing validation on unsigned SAML messages"
}

GHSA-4P5R-3JMM-652Q

Vulnerability from github – Published: 2025-09-15 21:30 – Updated: 2025-09-15 23:59
VLAI
Summary
Liferay DXP Missing Critical Step in Authentication
Details

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-43798"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-15T23:59:59Z",
    "nvd_published_at": "2025-09-15T21:15:35Z",
    "severity": "LOW"
  },
  "details": "Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user\u2019s TOTP to authenticate as the user.",
  "id": "GHSA-4p5r-3jmm-652q",
  "modified": "2025-09-15T23:59:59Z",
  "published": "2025-09-15T21:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43798"
    },
    {
      "type": "WEB",
      "url": "https://github.com/liferay/liferay-portal/commit/1df25e46675afe7c3a2754bf8968bcb9677db950"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/liferay/liferay-portal"
    },
    {
      "type": "WEB",
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43798"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Liferay DXP Missing Critical Step in Authentication"
}

GHSA-5565-9R8P-CJCG

Vulnerability from github – Published: 2025-08-20 15:31 – Updated: 2025-11-03 21:34
VLAI
Details

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-304"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T14:15:42Z",
    "severity": "HIGH"
  },
  "details": "An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.",
  "id": "GHSA-5565-9r8p-cjcg",
  "modified": "2025-11-03T21:34:22Z",
  "published": "2025-08-20T15:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24322"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2163"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2163"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.