Read Time:40 Second
Description
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
CVE References
- CVE-2002-1374
- The provided password is only compared against the first character of the real password.
- CVE-2000-0979
- The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.
- CVE-2001-0088
- Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges.