Authentication Bypass by Primary Weakness
CVE-2021-21403
Summary
In github.com/kongchuanhujiao/server before version 1.3.21, there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-305 - Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
References
Advisory Timeline
- Published