CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2018-25236 CRITICAL
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management
CVSS 9.8
CVE-2018-11952 HIGH
Qualcomm MDM9206 and related firmware - Improper Authentication via Fuse Version Bypass
CVSS 8.4
CVE-2018-25043 MEDIUM
uTorrent - Weak Authentication via PRNG
CVSS 5.0
CVE-2018-18907 HIGH
D-Link DIR-850L < 1.21b07 - Unauthenticated WPA2 Encryption Bypass via Data Frame Injection
CVSS 7.5
CVE-2018-25030 LOW
Mirmay Secure Private Browser and File Manager < 2.5 - Local Authentication Bypass via Auto Lock Race Condition
CVSS 3.3
CVE-2018-16496 MEDIUM
Versa Director - Unauthenticated Improper Authentication
CVSS 5.3
CVE-2018-11765 HIGH
Apache Hadoop 2.8.0-2.8.5, 2.9.0-2.9.2, 3.0.0-alpha2-3.0.0 - Unauthenticated Servlet Access via Kerberos Bypass
CVSS 7.5
CVE-2018-21263 HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - Unauthenticated Account Takeover via SAML Response
CVSS 8.8
CVE-2018-21246 CRITICAL
Caddy < 0.10.13 - Authentication Bypass via TLS Client Authentication
CVSS 9.8
CVE-2018-21235 HIGH
Foxit E-mail advertising system < 09-2018 - Authentication Bypass and Information Disclosure
CVSS 7.5
CVE-2018-21128 HIGH
NETGEAR WAC505 and WAC510 < 5.0.0.17 - Authentication Bypass
CVSS 8.8
CVE-2018-21125 HIGH
NETGEAR WAC510 Firmware < 5.0.0.17 - Authentication Bypass
CVSS 8.8
CVE-2018-21121 HIGH
NETGEAR GS810EMX, XS512EM, and XS724EM - Authentication Bypass
CVSS 8.8
CVE-2018-21118 HIGH
NETGEAR XR500 Firmware < 2.3.2.32 - Authentication Bypass
CVSS 8.8
CVE-2018-21062 MEDIUM
Samsung Android N(7.x) and O(8.x) - Unauthenticated Secure Folder Content Exposure via External Device Connection
CVSS 4.6
CVE-2018-21038 CRITICAL
Samsung Android N(7.x) - Authentication Bypass in Secure Folder Startup Logic
CVSS 9.8
CVE-2018-13060 MEDIUM
Easy!Appointments 1.3.0 - Improper Authentication via Guessable CAPTCHA
CVSS 6.5
CVE-2018-15819 HIGH
EasyIO 30P Firmware < 2.0.5.27 - Authentication Bypass via webuser.js
CVSS 7.5
CVE-2018-14705 CRITICAL
Drobo 5N2 4.0.5 - Unauthenticated Improper Authentication
CVSS 9.8
CVE-2018-19834 HIGH
bombba - Unauthenticated Ownership Takeover via quaker Function
CVSS 7.5
CVE-2018-19833 HIGH
ddq - Unauthenticated Ownership Takeover via Improper Authentication
CVSS 7.5
CVE-2018-19832 HIGH
NewIntelTechMedia - Privilege Escalation
CVSS 7.5
CVE-2018-19831 HIGH
Cryptbond Network - Privilege Escalation
CVSS 7.5
CVE-2018-20489 MEDIUM
GitLab 9.1.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Improper Authentication
CVSS 5.3
CVE-2018-4064 HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Unverified Password Change via ACEManager upload.cgi
CVSS 7.1