Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,374 vulnerabilities with CWE-287

Festo CECX-X-C1/M1 CoDeSys/SoftMotion - Unauthenticated Config Mod & Log Deletion

Festo CECX-X-C1 and CECX-X-M1 Modular Controllers with CoDeSys - Improper Authentication via Undocumented FTP Access

Red Hat OpenShift Enterprise <2.0.5, 1.2.7 - Auth Bypass

Apple iOS < 7.1.1, OS X 10.8.x-10.9.2, and TVOS < 6.1.1 - Improper Authentication via Triple Handshake Attack

CubeCart < 5.2.9 - Session Fixation via PHPSESSID Parameter

MediaWiki <1.19.14, 1.20.x<1.21.8, 1.22.x<1.22.5 - Info Disclosure

Bugzilla 2.x-4.4.2 and 4.5.x < 4.5.3 - Authenticated Login CSRF

Cybozu Remote Service Manager <3.1.1 - Session Fixation

strongSwan 4.0.7-5.1.3 - Authentication Bypass via IKEv2 Rekeying

OpenStack Keystone - Denial of Service via Authentication Chaining

cURL/libcurl <7.36.0 - Open Redirect

Amtelco miSecureMessages - Info Disclosure

ZyXEL Wireless N300 NetUSB NBG-419N <1.00(BFQ.6)C0 - Auth Bypass

Artiva Workstation <1.3.9 - Auth Bypass

Cisco ASA 8.2-9.1 Authentication Bypass via Crafted Cookie/URL

WordPress <3.7.2, <3.8.2 - Info Disclosure

EMC VPLEX GeoSynchrony 4.x-5.x - Session Fixation

Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface

389 Directory Server <1.2.11.26 - Privilege Escalation

owncloud < 6.0.2 - Session Fixation via GET Request

Foscam FI8910W <11.37.2.55 - Info Disclosure

TIBCO Enterprise Administrator <1.0.0 - Command Injection

Cisco Unified Communications Manager < 10.0(1) - Unauthenticated Authentication Bypass in CAPF

Cisco Adaptive Security Appliance Software 9.1(.3) - Unauthenticated Authentication Bypass via Phone Proxy TFTP Request

Cisco Adaptive Security Appliance Software 9.1(.3) - Authentication Bypass via CTL File Injection

Previous Page 139 of 175 Next

Details

Vulnerabilities 4,374

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy