Skip to main content

CWE-304

Missing Critical Step in Authentication

26 CVEs Avg CVSS 7.3 MITRE
4
CRITICAL
14
HIGH
6
MEDIUM
2
LOW
7
POC
0
KEV

Monthly

CVE-2026-55957 HIGH This Week

Authentication bypass in Apache Tomcat (7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.100, 10.1.0-M1-10.1.36, 11.0.0-M1-11.0.4) lets remote attackers authenticate without supplying the correct password when the JNDIRealm is configured to validate credentials via GSSAPI bind. The flaw (CWE-304, Missing Critical Step in Authentication) means the realm accepts a bind as successful even when the password verification step is effectively skipped. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 12th percentile), and it is not listed in CISA KEV.

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-57915 HIGH PATCH This Week

Authentication bypass in Apache Kerby before 2.1.2 lets remote attackers defeat Kerberos pre-authentication by submitting a PA-DATA element with an unrecognized or unsupported type, causing the KDC to skip the pre-auth check rather than reject the request. The flaw affects all Apache Kerby deployments below 2.1.2 acting as a Kerberos KDC/AS, and is fixed in version 2.1.2. There is no public exploit identified at time of analysis, no CISA KEV listing, and EPSS data was not provided; CVSS is rated 7.3 (High) with partial confidentiality, integrity, and availability impact.

Authentication Bypass Apache Apache Kerby
NVD VulDB
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-42452 HIGH This Week

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

Information Disclosure Termix
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40542 Maven HIGH PATCH GHSA This Week

Apache HttpClient 5.6 skips mutual authentication verification in SCRAM-SHA-256 handshakes, allowing network attackers to impersonate legitimate servers without credentials. Affected clients accept unauthenticated server responses, enabling man-in-the-middle attacks that compromise confidentiality and integrity of authenticated sessions. Apache released patched version 5.6.1 addressing the missing authentication check. EPSS score of 0.03% suggests low current exploitation activity, though the network-accessible attack surface (AV:N/AC:L/PR:N) and availability of detailed vendor advisory increase exploitation risk once attackers adapt tooling for SCRAM protocol manipulation.

Information Disclosure Apache Apache Httpclient
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-43798 Maven LOW PATCH Monitor

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Digital Experience Platform
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-24322 HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-55138 HIGH This Month

LinkJoin through 882f196 mishandles token ownership in password reset. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2024-52965 HIGH This Week

A security vulnerability in Fortinet FortiOS (CVSS 7.2). High severity vulnerability requiring prompt remediation.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-5715 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Information Disclosure Google
NVD VulDB
CVSS 4.0
0.3
EPSS
0.1%
CVE-2025-43014 MEDIUM This Month

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 7.3
HIGH This Week

Authentication bypass in Apache Tomcat (7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.100, 10.1.0-M1-10.1.36, 11.0.0-M1-11.0.4) lets remote attackers authenticate without supplying the correct password when the JNDIRealm is configured to validate credentials via GSSAPI bind. The flaw (CWE-304, Missing Critical Step in Authentication) means the realm accepts a bind as successful even when the password verification step is effectively skipped. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 12th percentile), and it is not listed in CISA KEV.

Information Disclosure Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Authentication bypass in Apache Kerby before 2.1.2 lets remote attackers defeat Kerberos pre-authentication by submitting a PA-DATA element with an unrecognized or unsupported type, causing the KDC to skip the pre-auth check rather than reject the request. The flaw affects all Apache Kerby deployments below 2.1.2 acting as a Kerberos KDC/AS, and is fixed in version 2.1.2. There is no public exploit identified at time of analysis, no CISA KEV listing, and EPSS data was not provided; CVSS is rated 7.3 (High) with partial confidentiality, integrity, and availability impact.

Authentication Bypass Apache Apache Kerby
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.

Information Disclosure Termix
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Apache HttpClient 5.6 skips mutual authentication verification in SCRAM-SHA-256 handshakes, allowing network attackers to impersonate legitimate servers without credentials. Affected clients accept unauthenticated server responses, enabling man-in-the-middle attacks that compromise confidentiality and integrity of authenticated sessions. Apache released patched version 5.6.1 addressing the missing authentication check. EPSS score of 0.03% suggests low current exploitation activity, though the network-accessible attack surface (AV:N/AC:L/PR:N) and availability of detailed vendor advisory increase exploitation risk once attackers adapt tooling for SCRAM protocol manipulation.

Information Disclosure Apache Apache Httpclient
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Digital Experience Platform
NVD
EPSS 0% CVSS 8.1
HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
EPSS 0% CVSS 7.4
HIGH This Month

LinkJoin through 882f196 mishandles token ownership in password reset. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A security vulnerability in Fortinet FortiOS (CVSS 7.2). High severity vulnerability requiring prompt remediation.

Fortinet Information Disclosure Fortiproxy +1
NVD
EPSS 0% CVSS 0.3
LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy