CWE-1390: Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Last updated
Overview
Attackers may be able to bypass weak authentication faster and/or with less effort than expected.
Real-world CVEs
81 recorded CVEs are caused by CWE-1390 (Weak Authentication). The highest-severity and most recent are shown first. 23 new CWE-1390 CVEs have been recorded so far in 2026 (35 in 2025).
- CVE-2025-30412Critical · CVSS 10.0 · EPSS 46th2026-02-20
- CVE-2025-30411Critical · CVSS 10.0 · EPSS 46th2026-02-20
- CVE-2026-6274
Authentication Bypass in DTS Electronics' Redline WR3200
Critical · CVSS 9.8 · EPSS 37th2026-06-05 - CVE-2026-28710Critical · CVSS 9.8 · EPSS 34th2026-03-05
- CVE-2025-40554
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Critical · CVSS 9.8 · EPSS 99th2026-01-28 - CVE-2025-40552
SolarWinds Web Help Desk Authentication Bypass Vulnerability
Critical · CVSS 9.8 · EPSS 99th2026-01-28 - CVE-2025-63807Critical · CVSS 9.8 · EPSS 37th2025-11-20
- CVE-2025-49201Critical · CVSS 9.8 · EPSS 44th2025-10-14
- CVE-2025-47479
WordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability
Critical · CVSS 9.8 · EPSS 26th2025-07-04 - CVE-2025-39596
WordPress Quentn WP plugin <= 1.2.8 - Privilege Escalation Vulnerability
Critical · CVSS 9.8 · EPSS 42th2025-04-17 - CVE-2025-1387
Learning Digital Orca HCM - Improper Authentication
Critical · CVSS 9.8 · EPSS 43th2025-02-17 - CVE-2024-50563Critical · CVSS 9.8 · EPSS 43th2025-01-16
Showing 12 of 81 recorded CWE-1390 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-1390 vulnerabilitiesCommon consequences
What can happen when CWE-1390 is exploited.
Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Affects: Integrity, Confidentiality, Availability, Access Control
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.
Multiple OT products used weak authentication.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2024-48445 — Chain: e-commerce app relies on an easily-guessable timestamp (CWE-341) in a weak authentication algorithm (CWE-1390)
- CVE-2022-30034 — Chain: Web UI for a Python RPC framework does not use regex anchors to validate user login emails (CWE-777), potentially allowing bypass of OAuth (CWE-1390).
- CVE-2022-35248 — Chat application skips validation when Central Authentication Service (CAS) is enabled, effectively removing the second factor from two-factor authentication
- CVE-2021-3116 — Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)
- CVE-2022-29965 — Distributed Control System (DCS) uses a deterministic algorithm to generate utility passwords
- CVE-2022-29959 — Initialization file contains credentials that can be decoded using a "simple string transformation"
- CVE-2020-8994 — UART interface for AI speaker uses empty password for root shell
Frequently asked questions
Common questions about CWE-1390.
- What is CWE-1390?
- The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
- What CVEs are caused by CWE-1390?
- 81 recorded CVEs are attributed to CWE-1390, including CVE-2025-30412, CVE-2025-30411, CVE-2026-6274.
- What are the consequences of CWE-1390?
- Exploiting CWE-1390 can lead to: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands.
- Is CWE-1390 actively exploited?
- 81 recorded CVEs are caused by CWE-1390; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1390) (opens in a new tab)
- CWE-1390 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1390
Get alerted the moment a new CWE-1390 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.