CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-1258 MEDIUM
IBM Security Guardium 10.0-10.1 - Unauthenticated Improper Authentication
CVSS 6.5
CVE-2017-10807 CRITICAL
jabberd2 < 2.6.0 - Unauthenticated Authentication Bypass via SASL ANONYMOUS
CVSS 9.8
CVE-2017-6722 MEDIUM
Cisco UCCx <11.5.1.10000.61 - Auth Bypass
CVSS 6.1
CVE-2017-6703 MEDIUM
Cisco Prime Collaboration Provisioning - Unauthenticated Session Hijacking via Web Application
CVSS 5.9
CVE-2017-7919 CRITICAL
Newport XPS-Cx and XPS-Qx - Unauthenticated Authentication Bypass via Specific URL
CVSS 9.8
CVE-2017-10796 MEDIUM
TP-Link NC250 Firmware < 1.2.1 - Unauthenticated Video and Audio Access via RTSP URL
CVSS 6.5
CVE-2017-10709 MEDIUM
Elephone P9000 Android 6.0 - Lockscreen Lockout Bypass via Backspace Key
CVSS 6.8
CVE-2017-6034 CRITICAL
Schneider Electric Modicon Modbus Protocol - Authentication Bypass by Capture-Replay via Cleartext Command Transmission
CVSS 9.8
CVE-2017-4989 CRITICAL
EMC Avamar Server Software <7.3.1-125 - Auth Bypass
CVSS 9.8
CVE-2017-3167 CRITICAL
Apache HTTP Server 2.2.0-2.2.32 - Authentication Bypass via ap_get_basic_auth_pw()
CVSS 9.8
CVE-2017-3745 HIGH
Lenovo XClarity Administrator <1.3.0 - Info Disclosure
CVSS 7.8
CVE-2017-9552 HIGH
Synology Photo Station <6.7.1-3419 - Info Disclosure
CVSS 7.8
CVE-2017-9542 CRITICAL
D-Link DIR-615 Wireless N 300 Router - Auth Bypass
CVSS 9.8
CVE-2017-7314 HIGH
Personify360 e-Business <7.6.1 - Info Disclosure
CVSS 7.5
CVE-2017-9148 CRITICAL
FreeRADIUS 2.1.1-2.1.7, 3.0.x < 3.0.14, 3.1.x/4.0.x < 2017-02-04 - TLS Session Cache Bypass
CVSS 9.8
CVE-2017-9100 HIGH
D-Link DIR-600M <3.04 - Auth Bypass
CVSS 8.8
CVE-2017-7937 MEDIUM
Phoenix Contact GmbH mGuard firmware 8.3.0-8.4.2 - Improper Authentication
CVSS 4.0
CVE-2017-8879 MEDIUM
Dolibarr ERP/CRM <4.0.4 - Info Disclosure
CVSS 6.8
CVE-2017-8827 CRITICAL
GeniXCMS < 1.1.2 - Denial of Service via Forgot Password Rate Limit Bypass
CVSS 9.1
CVE-2017-7921 CRITICAL KEV
Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530 - Improper Authentication
CVSS 9.8
CVE-2017-7909 CRITICAL
Advantech B+B SmartWorx MESR901 Firmware < 1.5.2 - Improper Authentication via Client-Side JavaScript Bypass
CVSS 9.8
CVE-2017-6624 MEDIUM
Cisco IOS 15.5(3)M for CallManager Express - Unauthenticated Toll Fraud via Configuration Bypass
CVSS 5.3
CVE-2017-8403 HIGH
360fly 4K Camera Firmware 2.1.4 - Unauthenticated Wi-Fi Password Change via BLE Pairing
CVSS 8.8
CVE-2017-2101 HIGH
AppGoat < 3.0.0 - Authentication Bypass
CVSS 7.3
CVE-2017-8223 HIGH
Wireless IP Camera (P2P) WIFICAM - Unauthenticated RTSP Stream Access via Port 10554
CVSS 7.5