CWE-592 is a deprecated classification in the CWE framework. It remains in the catalog for historical hierarchy and CVE traceability.
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-43512 | 2026-05-12 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fro… |
| CVE-2023-30971 | 2025-12-19 | Gotham Gaia application was found to be exposing multiple unauthenticated endpoints. |
| CVE-2024-42759 | 2024-09-09 | An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. |
| CVE-2024-38884 | 2024-08-02 | An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly i… |
| CVE-2019-14843 | 2020-01-07 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access una… |
| CVE-2019-14910 | 2019-12-05 | A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication … |
| CVE-2019-14909 | 2019-12-04 | A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. |
| CVE-2019-10201 | 2019-08-14 | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message i… |
| CVE-2019-10198 | 2019-07-31 | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the chan… |
| CVE-2019-3899 | 2019-04-22 | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift C… |
| CVE-2014-5432 | 2019-03-26 | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may b… |
| CVE-2018-10933 | 2018-10-17 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthor… |
| CVE-2018-14643 | 2018-09-21 | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulne… |
| CVE-2016-8616 | 2018-08-01 | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an un… |
| CVE-2018-10847 | 2018-07-30 | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. … |
| CVE-2017-2650 | 2018-07-27 | It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permissi… |
| CVE-2017-12164 | 2018-07-26 | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as anot… |
| CVE-2017-7537 | 2018-07-26 | It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to byp… |
| CVE-2018-1085 | 2018-06-15 | openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CER… |
| CVE-2016-8371 | 2018-04-05 | The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Related_Attack_Patterns |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References, Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-05-03 | CWE Content Team | 2.11 | — | updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |