CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,372 vulnerabilities with CWE-287
CVE-2014-8650 CRITICAL
python-requests <0.6 - Info Disclosure
CVSS 9.8
CVE-2014-1867 HIGH
suphp < 0.7.2 - Security Bypass and Arbitrary Code Execution via Source-Highlighting Feature
CVSS 7.8
CVE-2014-2904 HIGH
wolfssl < 3.2.0 - Improper Authentication
CVSS 7.5
CVE-2014-10389 CRITICAL
WP Support Plus Responsive Ticket System < 4.2 - Improper Authentication
CVSS 9.8
CVE-2014-5432 CRITICAL
Baxter SIGMA Spectrum Infusion System 6.05 - Unauthenticated Remote Access via SSH
CVSS 9.8
CVE-2014-10067 MEDIUM
paypal-ipn < 3.0.0 - Improper Authentication via test_ipn Parameter
CVSS 5.9
CVE-2014-0927 HIGH
IBM Sterling B2B Integrator & File Gateway - Unauthenticated Authentication Bypass via ActiveMQ
CVSS 8.1
CVE-2014-3999 HIGH
Horde_Ldap < 2.0.6 - Authentication Bypass via LDAP Bind User DN
CVSS 8.1
CVE-2014-6436 CRITICAL
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Remote Command Execution via Session Bypass
CVSS 9.8
CVE-2014-6435 HIGH
Aztech ADSL DSL5018EN-DSL705EU - DoS
CVSS 7.5
CVE-2014-0121 CRITICAL
hawtio < 1.2.2 - Unauthenticated Remote Code Execution via Admin Terminal k Parameter
CVSS 9.8
CVE-2014-9618 CRITICAL
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
CVSS 9.8
CVE-2014-9611 CRITICAL
Netsweeper < 4.0.4 - Unauthenticated Authentication Bypass via webadmin/nslam/index.php
CVSS 9.8
CVE-2014-9624 HIGH
MantisBT < 1.2.19 - CAPTCHA Bypass
CVSS 7.5
CVE-2014-7860 MEDIUM
D-Link DNS-320L < 1.04b12 and DNS-327L < 1.03b04 - Unauthenticated Exposure of Sensitive Information via fb_publish.php
CVSS 5.3
CVE-2014-7858 CRITICAL
D-Link DNR-326 Firmware < 1.40b03 - Unauthenticated Authentication Bypass via Username Cookie
CVSS 9.8
CVE-2014-7857 CRITICAL
D-Link DNS-322L Firmware < 2.00b07 - Authentication Bypass
CVSS 9.8
CVE-2014-8180 MEDIUM
MongoDB on Red Hat Satellite 6 - Improper Authentication and Denial of Service via Empty Password Bypass
CVSS 5.5
CVE-2014-9952 HIGH
Android - Capture-Replay Vulnerability in Secure File System
CVSS 7.8
CVE-2014-3527 CRITICAL
Spring Security 3.1-3.2.4 - Improper Authentication via CAS Proxy Ticket
CVSS 9.8
CVE-2014-0097 HIGH
Spring Security <3.2.1, <3.1.5 - Info Disclosure
CVSS 7.3
CVE-2014-9605
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
CVE-2014-3612
Apache ActiveMQ 5.0.0-5.10.0 - Unauthenticated Authentication Bypass via Empty Password
CVE-2014-4882
Aptexx Resident Anywhere - Info Disclosure
CVE-2014-9045
ownCloud Server <5.0.18, <6.0.6 - Auth Bypass