CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2016-9124 (CRITICAL, CVSS 9.8): Revive Adserver <3.2.3 - Auth Bypass
CVE-2016-4926 (CRITICAL, CVSS 9.8): Junos Space < 15.2R2 - Unauthenticated Administrative Task Execution
CVE-2016-8023 (HIGH, CVSS 8.1): Intel Security VSEL <2.0.3 - Auth Bypass
CVE-2016-8022 (HIGH, CVSS 7.5): McAfee VirusScan Enterprise Linux < 2.0.3 - Authentication Bypass via Crafted Cookie
CVE-2016-9729 (MEDIUM, CVSS 6.5): IBM QRadar SIEM 7.2 - Unauthenticated Improper Authentication
CVE-2016-7145 (CRITICAL, CVSS 9.8): nefarious2 - Certificate Fingerprint Spoofing via AUTHENTICATE Parameter
CVE-2016-1888 (HIGH, CVSS 7.5): FreeBSD 9.3, 10.1-10.3, 11.0 - Unauthenticated Authentication Bypass via Memory Allocation Failure Sequence
CVE-2016-9369 (CRITICAL, CVSS 9.8): Moxa NPort Series - Unauthenticated Firmware Update Remote Code Execution
CVE-2016-9362 (CRITICAL, CVSS 9.1): WAGO PFC200, 750-8202, 750-881, 758-0874 - Unauthenticated Settings Access via Web Server URL
CVE-2016-9361 (CRITICAL, CVSS 9.8): Moxa UDP Device Discovery
CVE-2016-8362 (MEDIUM, CVSS 6.5): Moxa OnCell Series - Unauthenticated Log File Download
CVE-2016-8347 (CRITICAL, CVSS 9.8): Kabona AB WebDatorCentral <3.4.0 - Info Disclosure
CVE-2016-2403 (CRITICAL, CVSS 9.8): Symfony < 2.8.6 and 3.x < 3.0.6 - Unauthenticated Authentication Bypass via Empty Password
CVE-2016-1502 (HIGH, CVSS 7.3): NetApp SnapCenter Server <1.0P1 - Auth Bypass
CVE-2016-3176 (MEDIUM, CVSS 5.6): Salt < 2015.5.10 and 2015.8.x < 2015.8.8 - Authentication Bypass via PAM Service Manipulation
CVE-2016-4484 (MEDIUM, CVSS 6.8): cryptsetup < 2.1.7.3-2 - Unauthenticated Shell Access via Invalid Password Attempts
CVE-2016-7144 (HIGH, CVSS 8.1): UnrealIRCd < 3.2.10.7 and 4.x < 4.0.6 - Authentication Bypass via SASL AUTHENTICATE Parameter
CVE-2016-6659 (HIGH, CVSS 8.1): Cloud Foundry <248, UAA 2.x <2.7.4.12, 3.x <3.6.5, 3.7.x <3.9.3 - P...
CVE-2016-6474 (HIGH, CVSS 7.3): Cisco IOS - Unauthenticated Authentication Bypass via X.509 Version 3 SSH
CVE-2016-4322 (CRITICAL, CVSS 9.8): BMC BladeLogic Server Automation <8.7.3 - Auth Bypass
CVE-2016-9796 (CRITICAL, CVSS 9.8): Alcatel-Lucent OmniVista 8770 2.0-3.0 - Unauthenticated Remote Code Execution via GIOP ORB Interface
CVE-2016-2944 (CRITICAL, CVSS 9.8): IBM BigFix Remote Control < 9.1.2 - Unauthenticated Brute-Force Login Bypass
CVE-2016-6452 (CRITICAL, CVSS 9.8): Cisco Prime Home <6.0 - Auth Bypass
CVE-2016-6397 (CRITICAL, CVSS 9.8): Cisco IPICS <4.11 - Config Modification
CVE-2016-1000214 (MEDIUM, CVSS 5.3): Ruckus Wireless H500 - Exposure of Sensitive Information via Authentication Bypass