CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2017-2768 CRITICAL
EMC Network Configuration Manager 9.3.x-9.4.2.x - Improper Authentication
CVSS 9.8
CVE-2017-2767 CRITICAL
EMC Network Configuration Manager 9.3.x-9.4.2.x - Remote Code Execution via Java RMI
CVSS 9.8
CVE-2017-3791 CRITICAL
Cisco Prime Home 6.3.0.0-6.5.0.1 - Unauthenticated Authentication Bypass via RBAC URL Processing Error
CVSS 10.0
CVE-2017-3795 MEDIUM
Cisco WebEx Meetings Server <2.7.1.12 - Privilege Escalation
CVSS 5.4
CVE-2017-5554 HIGH
OxygenOS < 3.2.8 - Unauthenticated SELinux Mode Change via Fastboot OEM Command
CVSS 8.1
CVE-2016-10394 HIGH
Qualcomm MDM9206, MDM9607, SD 835, SD 845, SD 850 Firmware - Improper Authentication
CVSS 8.4
CVE-2016-0796 HIGH
WordPress Plugin mb.miniAudioPlayer - Open Proxy
CVSS 7.5
CVE-2016-2124 MEDIUM
Samba 3.0.0-4.13.13 - Improper Authentication via SMB1 Plaintext Password Exposure
CVSS 5.9
CVE-2016-11074 CRITICAL
Mattermost Server < 3.0.0 - Improper Authentication via Password Reset Link Reuse
CVSS 9.8
CVE-2016-11072 MEDIUM
Mattermost Server < 3.0.2 - Improper Authentication via Session ID and Token Mishandling
CVSS 6.5
CVE-2016-11057 HIGH
NETGEAR Multiple Routers < 2017-01-06 - Authentication Bypass via Repeated URL Calls
CVSS 7.5
CVE-2016-11042 HIGH
Samsung Android L/M - SIM Lock Bypass
CVSS 7.5
CVE-2016-11041 MEDIUM
Samsung Android KK(4.4) - Lockscreen Bypass via AT Command over USB
CVSS 4.6
CVE-2016-2032 HIGH
Aruba AirWave <8.2 - Info Disclosure
CVSS 7.5
CVE-2016-2359 CRITICAL
Milesight IP Security Camera Firmware < 2016-11-14 - Unauthenticated Authentication Bypass via vb.htm Request
CVSS 9.8
CVE-2016-10983 MEDIUM
Ghost Plugin < 0.5.6 - Unauthenticated Data Export via wp-admin/tools.php
CVSS 6.5
CVE-2016-10826 HIGH
cPanel 11.50.0.4-11.50.5.2 - Two Factor Authentication Bypass via DNS Clustering Requests
CVSS 8.8
CVE-2016-10835 MEDIUM
cPanel 11.50.0.4-11.50.5.2 - Improper Authentication via Account Name Munging
CVSS 4.3
CVE-2016-10833 HIGH
cPanel 11.50.0.4-11.50.5.2 - Improper Authentication via cPHulkd Username Blocking Bypass
CVSS 7.5
CVE-2016-10832 MEDIUM
cPanel 11.50.0.4-11.50.5.2 - FTP cPHulk Bypass via Account Name Munging
CVSS 6.5
CVE-2016-10831 HIGH
cPanel 11.54.0.0-11.54.0.19 - Improper Authentication via Two-Factor Authentication Bypass
CVSS 7.2
CVE-2016-10836 MEDIUM
cPanel 11.50.0.4-11.50.5.2 - Unauthenticated Arbitrary File Read via CalDAV Authentication
CVSS 6.5
CVE-2016-2125 MEDIUM
Samba < 4.3.13 - Improper Authentication via Forwardable Kerberos Ticket Request
CVSS 6.5
CVE-2016-10732 CRITICAL
ProjectSend r582 - Authentication Bypass via Direct Request
CVSS 9.8
CVE-2016-8609 LOW
Keycloak < 2.3.0 - Improper Authentication via Phishing URL
CVSS 3.7