Cyber Resilience

CWE · MITRE source

CWE-289Authentication Bypass by Alternate Name

Abstraction: Base · CVEs in our corpus: 33

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 4 mapping(s) from 4 framework(s): OWASP-Web 1 (full) · STIG oracle linux 8 1 (mostly) · ATT&CK 1 (mostly) · STIG rhel 7 1 (partial)

See the full cumulative-coverage rollup →

OWASP Top 10 for Web (2025)

This weakness contributes to A07:2025 Authentication Failures.

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2021-347467.09.80.17662021-09-02
CVE-2023-18037.09.80.00762023-04-14
CVE-2024-565117.09.80.20882025-01-10
CVE-2025-292667.09.60.00412025-03-31
CVE-2025-136137.09.80.00422025-12-10
CVE-2025-55130 UPD7.09.10.01632026-01-20
CVE-2026-240587.09.80.00532026-01-22
CVE-2026-39858 UPD7.010.00.00482026-04-30
CVE-2026-50627 UPD7.09.10.00422026-06-12
CVE-2026-536227.010.00.00242026-06-23
CVE-2017-165905.58.80.03402018-01-23
CVE-2023-200465.58.80.00862023-05-09
CVE-2023-32635.57.50.00642023-08-14
CVE-2023-418905.57.50.00602023-09-19
CVE-2024-20985.57.50.00452024-06-13
CVE-2024-519965.57.50.00632024-11-13
CVE-2024-556345.58.10.00402024-12-10
CVE-2024-112835.57.50.00412025-03-14
CVE-2025-412485.57.50.00432025-09-16
CVE-2025-603755.57.30.00272025-10-09
CVE-2025-643435.57.80.00112025-11-07
CVE-2026-44492 UPD5.58.60.00922026-06-11
CVE-2023-384873.56.50.00662023-08-04
CVE-2023-516633.55.30.00372023-12-29
CVE-2024-345193.56.80.00392024-05-05