CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2016-6434 HIGH
Cisco Firepower Management Center 6.0.1 - Info Disclosure
CVSS 7.8
CVE-2016-5686 CRITICAL
Johnson & Johnson Animas OneTouch Ping - Auth Bypass
CVSS 9.8
CVE-2016-5086 CRITICAL
Animas OneTouch Ping Firmware - Unauthenticated Authentication Bypass via Replay Attack
CVSS 9.8
CVE-2016-7141 HIGH
Opensuse Leap < 7.50.1 - Authentication Bypass
CVSS 7.5
CVE-2016-7191 HIGH
Microsoft Azure Active Directory Passport 1.x < 1.4.6 and 2.x < 2.0.1 - Authentication Bypass via Token Validation Issue
CVSS 8.1
CVE-2016-6159 HIGH
Huawei WS331a Router Firmware < ws331a-10_v100r001c02b017sp01 - Unauthenticated Authentication Bypass via LAN Interface
CVSS 7.5
CVE-2016-4966 MEDIUM
FortiWan < 4.2.4 - Authenticated Arbitrary File Download via UserName Parameter
CVSS 6.5
CVE-2016-4860 HIGH
Yokogawa STARDOM FCN/FCJ R1.01-R4.01 - Unauthenticated Denial of Service via Logic Designer Commands
CVSS 7.3
CVE-2016-0883 CRITICAL
Pivotal Cloud Foundry (PCF) Ops Manager <1.5.14 & <1.6.9 - Auth Bypass
CVSS 9.8
CVE-2016-1279 CRITICAL
Juniper Junos OS <12.1X46-D45-14.2R6 - Info Disclosure
CVSS 9.8
CVE-2016-7114 HIGH
Siemens EN100 Ethernet Module Firmware - Authenticated Authentication Bypass via Web Interface
CVSS 8.8
CVE-2016-7112 CRITICAL
Siemens EN100 Ethernet Module Firmware < 4.28 - Improper Authentication
CVSS 9.8
CVE-2016-6377 HIGH
Cisco Media Origination System Suite <= 2.6 - Authentication Bypass via PAM API
CVSS 8.1
CVE-2016-1278 HIGH
Juniper Junos OS <12.1X46-D50 - Privilege Escalation
CVSS 7.8
CVE-2016-5133 MEDIUM
Google Chrome < 51.0.2704.106 - Origin Spoofing via Proxy Authentication
CVSS 5.3
CVE-2016-4503 CRITICAL
Moxa Device Server Web Console 5232-N - Authentication Bypass via UserId Cookie Parameter
CVSS 9.8
CVE-2016-4953 HIGH
ntp 4.x < 4.2.8p8 - Denial of Service via Spoofed Crypto-NAK Packet
CVSS 7.5
CVE-2016-1427 HIGH
Cisco Prime Network Registrar <8.2.3.1-8.3.2 - Info Disclosure
CVSS 7.5
CVE-2016-3085 MEDIUM
Apache CloudStack < 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 - SAML Authentication Bypass
CVSS 6.5
CVE-2016-0916 CRITICAL
EMC NetWorker <8.2.2.6 & <9.0.0.6 - RCE
CVSS 9.8
CVE-2016-4510 CRITICAL
Trihedral VTScada 8.x-11.x < 11.2.02 - Unauthenticated Arbitrary File Read
CVSS 9.1
CVE-2016-4432 CRITICAL
Apache Qpid Java <6.0.3 - Auth Bypass
CVSS 9.1
CVE-2016-3094 MEDIUM
Apache Qpid Broker-J < 6.0.2 and qpid-broker < 6.0.3 - Denial of Service via Crafted Authentication Attempt
CVSS 5.9
CVE-2016-2286 HIGH
Moxa MiiNePort E1/E2/E3 Firmware - Unauthenticated Access via Blank Default Password
CVSS 7.5
CVE-2016-1402 HIGH
Cisco Identity Services Engine < 1.2.0.899 patch 7 - Denial of Service via Crafted PAP Authentication Request
CVSS 7.5