Base · Draft

CWE-303: Incorrect Implementation of Authentication Algorithm

Category: auth

Description

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism

Related CAPEC attack patterns · 1

CAPEC-90

References

  1. https://cwe.mitre.org/data/definitions/303.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Reflection Attack in Authentication Protocol (capec-90) | 100% | live

(incoming) · 18

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-12419 (cve-2025-12419) | 0% | live
Vulnerability | CVE-2025-12421 (cve-2025-12421) | 0% | live
Vulnerability | CVE-2025-13390 (cve-2025-13390) | 0% | live
Vulnerability | CVE-2025-14273 (cve-2025-14273) | 0% | live
Vulnerability | CVE-2025-14510 (cve-2025-14510) | 0% | live
Vulnerability | CVE-2025-21311 (cve-2025-21311) | 0% | live
Vulnerability | CVE-2025-44557 (cve-2025-44557) | 0% | live
Vulnerability | CVE-2025-4676 (cve-2025-4676) | 0% | live
Vulnerability | CVE-2025-57808 (cve-2025-57808) | 0% | live
Vulnerability | CVE-2025-63210 (cve-2025-63210) | 0% | live
Vulnerability | CVE-2025-66489 (cve-2025-66489) | 0% | live
Vulnerability | CVE-2026-0073 (cve-2026-0073) | 0% | live
Vulnerability | CVE-2026-28446 (cve-2026-28446) | 0% | live
Vulnerability | CVE-2026-29515 (cve-2026-29515) | 0% | live
Vulnerability | CVE-2026-41103 (cve-2026-41103) | 0% | live
Vulnerability | CVE-2026-43640 (cve-2026-43640) | 0% | live
KEVEntry | Microsoft SharePoint Server Privilege Escalation Vulnerability (kev-cve-2023-29357) | 0% | live
KEVEntry | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (kev-cve-2024-7593) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improperly Implemented Security Check for Standard
  • CWE: Missing Critical Step in Authentication
  • CWE: Authentication Bypass by Primary Weakness
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation
  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Use of a Broken or Risky Cryptographic Algorithm

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.