CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2015-3206 HIGH
pykerberos - Improper Authentication via KDC Response Spoofing
CVSS 8.1
CVE-2015-8308 HIGH
lxdm < 0.5.1 - Unauthenticated Authentication Bypass via X Server Connection
CVSS 7.8
CVE-2015-4464 CRITICAL
Kguard Digital Video Recorder 104 and 108 - Improper Authentication
CVSS 9.8
CVE-2015-6816 CRITICAL
Fedora < 3.7.0 - Authentication Bypass
CVSS 9.8
CVE-2015-7871 CRITICAL
NTP <4.2.8p4, <4.3.77 - Auth Bypass
CVSS 9.8
CVE-2015-1778 CRITICAL
Opendaylight < 0.2.3-Helium-SR3 - Improper Authentication
CVSS 9.8
CVE-2015-2800 HIGH
Huawei S5700/S5300/S6300/S6700/S7700/S9300/S9700 Firmware - Denial of Service via Authentication Array Access Violation
CVSS 7.5
CVE-2015-6817 HIGH
Pgbouncer - Authentication Bypass
CVSS 8.1
CVE-2015-2880 HIGH
TRENDnet WiFi Baby Cam TV-IP743SIC - Info Disclosure
CVSS 8.8
CVE-2015-6397 HIGH
Cisco RV110W, RV130W, and RV215W Firmware - Authenticated Privilege Escalation via Default Account
CVSS 8.8
CVE-2015-7914 HIGH
Sauter EY-WS505F0x0 moduWeb Vision <1.6.0 - Auth Bypass
CVSS 8.1
CVE-2015-8269 HIGH
Fisher-Price Smart Toy Bear - Info Disclosure
CVSS 7.5
CVE-2015-7521 HIGH
Apache Hive 1.0.0-1.2.1 - Authorization Bypass via Partition-Level Operations
CVSS 8.3
CVE-2015-7974 HIGH
NTP <4.2.8p6-4.3.90 - Privilege Escalation
CVSS 7.7
CVE-2015-6314 CRITICAL
Cisco Wireless Lan Controller Software - Authentication Bypass
CVSS 9.8
CVE-2015-7938 CRITICAL
Advantech EKI-132x <2015-12-31 - Auth Bypass
CVSS 9.8
CVE-2015-6480 HIGH
Moxa OnCell Central Manager < 2.0 - Unauthenticated Privilege Escalation via MessageBrokerServlet
CVSS 8.3
CVE-2015-1772 HIGH
IBM InfoSphere BigInsights 3.0-3.0.0.2 - Unauthenticated Authentication Bypass via LDAP Bind
CVSS 7.3
CVE-2015-7755 CRITICAL KEV
Juniper ScreenOS 6.2.0r15-6.2.0r18, 6.3.0r12-6.3.0r20 - Remote Admin Access via Hardcoded Password
CVSS 9.8
CVE-2015-6401
Cisco EPC3928 EDVA 5.5.10/5.5.11/5.7.1 - Unauthenticated Admin Function Execution
CVE-2015-6389
Cisco Prime Collaboration Assurance < 11.0 - Unauthenticated Remote Access via Hardcoded SSH Account
CVE-2015-7285
CSL DualCom GPRS CS2300-R Firmware 1.25-3.53 - Unauthenticated Access via Spoofed HSxx Response
CVE-2015-7361
FortiOS 5.2.3 - Unauthenticated Remote Shell Access via ZebOS HA Management Interface
CVE-2015-5649
Cybozu Garoon 3.x-3.7.5 and 4.x-4.0.3 - Authenticated LDAP Injection
CVE-2015-5372
AdNovum nevisAuth <4.18.3.1 - Info Disclosure