CWE · MITRE source
CWE-305: Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: mostly · 6 mapping(s) from 5 framework(s): ASVS 5.0 2 (partial) · OWASP-Web 1 (mostly) · STIG ubuntu 22 04 1 (partial) · STIG ubuntu 24 04 1 (partial) · ATT&CK 1 (partial)
OWASP Top 10 for Web (2025)
This weakness contributes to A07:2025 Authentication Failures.
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-37085 KEV | 10.0 | 6.8 | 0.2677 | 2024-06-25 |
| CVE-2025-31161 KEV | 10.0 | 9.8 | 0.9996 | 2025-04-03 |
| CVE-2020-10923 | 8.0 | 8.8 | 0.8468 | 2020-07-28 |
| CVE-2023-28126 | 8.0 | 5.9 | 0.6666 | 2023-05-09 |
| CVE-2019-14910 | 7.0 | 9.8 | 0.0105 | 2019-12-05 |
| CVE-2020-11012 | 7.0 | 9.3 | 0.0210 | 2020-04-23 |
| CVE-2020-15787 | 7.0 | 9.8 | 0.0148 | 2020-09-09 |
| CVE-2020-24683 | 7.0 | 9.8 | 0.0141 | 2020-12-22 |
| CVE-2021-3850 | 7.0 | 9.1 | 0.0217 | 2022-01-25 |
| CVE-2022-0547 | 7.0 | 9.8 | 0.0352 | 2022-03-18 |
| CVE-2022-2651 | 7.0 | 9.8 | 0.1138 | 2022-08-04 |
| CVE-2023-0777 | 7.0 | 9.8 | 0.1509 | 2023-02-10 |
| CVE-2023-1307 | 7.0 | 9.8 | 0.0107 | 2023-03-10 |
| CVE-2023-27582 | 7.0 | 9.1 | 0.0102 | 2023-03-13 |
| CVE-2023-28727 | 7.0 | 9.6 | 0.0038 | 2023-03-31 |
| CVE-2023-1833 | 7.0 | 9.8 | 0.0076 | 2023-04-14 |
| CVE-2023-34124 | 7.0 | 9.8 | 0.4089 | 2023-07-13 |
| CVE-2023-34137 | 7.0 | 9.8 | 0.0089 | 2023-07-13 |
| CVE-2023-4501 | 7.0 | 9.8 | 0.0062 | 2023-09-12 |
| CVE-2024-1403 UPD | 7.0 | 10.0 | 0.0327 | 2024-02-27 |
| CVE-2023-7103 | 7.0 | 9.8 | 0.0064 | 2024-03-05 |
| CVE-2024-1202 UPD | 7.0 | 9.8 | 0.0089 | 2024-03-21 |
| CVE-2023-6153 | 7.0 | 9.8 | 0.0069 | 2024-03-27 |
| CVE-2024-36388 | 7.0 | 10.0 | 0.0047 | 2024-06-02 |
| CVE-2023-41920 | 7.0 | 9.8 | 0.0042 | 2024-07-02 |