CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-8151 MEDIUM
Huawei Honor 5S Firmware < TAG-TL00C01B173 - Authentication Bypass via Malicious App Installation
CVSS 6.8
CVE-2017-2738 CRITICAL
Huawei VCM5010 < V100R002C50SPC100 - Unauthenticated Authentication Bypass via Crafted HTTP Request
CVSS 9.8
CVE-2017-2721 MEDIUM
Huawei Berlin/L21/L22/L23/L24/FRD Firmware - Factory Reset Protection Bypass via Swype Keyboard
CVSS 4.6
CVE-2017-8861 CRITICAL
Cohu 3960HD Firmware - Unauthenticated Configuration Modification via SOAP
CVSS 9.8
CVE-2017-16613 CRITICAL
OpenStack Swauth <1.2.0 - Auth Bypass
CVSS 9.8
CVE-2017-16566 CRITICAL
Jooan IP Camera A5 2.3.36 - Info Disclosure
CVSS 9.8
CVE-2017-12337 CRITICAL
Cisco Voice Operating System - Privilege Escalation
CVSS 9.8
CVE-2017-12316 HIGH
Cisco Identity Services Engine - Unauthenticated Brute-Force Password Attack via Guest Portal Login Page
CVSS 7.5
CVE-2017-15272 MEDIUM
psftpd 10.0.4 Build 729 - Improper Authentication via Cleartext Password Storage
CVSS 5.3
CVE-2017-9314 HIGH
Dahua NVR <DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 - Auth Bypass
CVSS 8.8
CVE-2017-16634 CRITICAL
Joomla! 3.2.0-3.8.1 - 2-Factor Authentication Bypass
CVSS 9.8
CVE-2017-16562 CRITICAL
UserPro plugin <4.9.17.1 - Auth Bypass
CVSS 9.8
CVE-2017-2914 HIGH
Circle with Disney Firmware 2.0.1 - Authentication Bypass via Crafted Token
CVSS 8.1
CVE-2017-2864 CRITICAL
Circle with Disney - Authentication Bypass via Crafted Network Packets
CVSS 9.8
CVE-2017-1000154 CRITICAL
Mahara <15.04.8-16.04.2 - Auth Bypass
CVSS 9.8
CVE-2017-12281 HIGH
Cisco Aironet 1800, 2800, and 3800 Series Access Points - Unauthenticated Authentication Bypass via PEAP
CVSS 7.5
CVE-2017-10873 HIGH
OpenAM Open Source Edition - Authentication Bypass via SAML 2.0 AuthnContext Handling
CVSS 8.1
CVE-2017-1222 MEDIUM
IBM BigFix Platform 9.2 and 9.5 - Unauthenticated Improper Authentication
CVSS 6.5
CVE-2017-12160 HIGH
Keycloak 0-3.3.0.Final and 3.4.0 - Authenticated Improper Authorization via OAuth Token Pair
CVSS 7.2
CVE-2017-9946 HIGH
Siemens APOGEE PXC & TALON TC <V3.5 - Authentication Bypass via Web Server
CVSS 7.5
CVE-2017-5635 HIGH
Apache NiFi < 0.7.2 and 1.x < 1.1.2 - Improper Authentication in Cluster Request Replication
CVSS 7.5
CVE-2017-12251 CRITICAL
Cisco Cloud Services Platform 2100 - Auth Bypass
CVSS 9.9
CVE-2017-14322 CRITICAL
Interspire Email Marketer <6.1.6 - Auth Bypass
CVSS 9.8
CVE-2017-9625 HIGH
Envitech EnviDAS Ultimate <1.0.0.5 - Auth Bypass
CVSS 8.2
CVE-2017-15297 HIGH
SAP Host Agent - Unauthenticated Improper Authentication via SOAP SAPControl Endpoint
CVSS 7.5