Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,374 vulnerabilities with CWE-287

Google Authenticator Login Module < 6.x-1.2 / 7.x-1.4 - Authentication Bypass via OTP Replay

Apache HBase < 0.92.3, 0.94.x < 0.94.9 - Kerberos Authentication Bypass

IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Meeting Room Enumeration via Valid User Names

IBM Sametime <8.5.2.1 & 9.0.0.1 - Info Disclosure

Apache CloudStack <4.0.2 & Citrix CloudPlatform <3.0.6 - Auth Bypass

OpenText Exceed OnDemand 8 - Man-in-the-Middle Authentication Downgrade via Crafted Response

OpenVAS Administrator 1.2-1.2.1 and 1.3-1.3.1 - Improper Authentication via OAP Version Request

OpenVAS Manager 3.0-3.0.6 and 4.0-4.0.3 - Unauthenticated OMP Command Execution via Version Request

ucdok/tomato < 0.0.5 and npm/tomato < 0.0.6 - Improper Authentication via Partial Access Key Match

OpenStack Horizon < 2013.2 - Unauthenticated Password Change via Identity v3 API

drupalauth < 1.2.1 - Unauthenticated Authentication Bypass via User Cookie

D-Link DIR-505L/DIR-826L - Auth Bypass

GitLab <5.4.2, <6.2.4, <6.2.1 - Auth Bypass

Ubercart module <6.2.13,7.3.6 - Session Fixation

SAP Software Deployment Manager - Denial of Service via Failed Authentication

Huawei E355 Firmware 21.157.37.01.910 - Unauthenticated Sensitive Information Disclosure via API

OATH Toolkit <2.4.1 - Info Disclosure

Puppet Enterprise <3.2.0 - Info Disclosure

Seowon Intech SWC-9100 - Unauthenticated Denial of Service via reboot.cgi

GateHouse and Multiple Satellite Terminals - Unauthenticated Remote Code Execution via TCP Port 1827

CentralAuth Extension for MediaWiki Authentication Bypass via Cached Cookie

CVE-2013-7137 CRITICAL

burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie

Apache Hadoop 2.x < 2.0.6-alpha, 0.23.x < 0.23.9, 1.x < 1.2.1 - Authentication Downgrade via RPC Protocol

IBM Tivoli Federated Identity Manager <6.2.2 - Info Disclosure

Google Chrome < 32.0.1700.77 - Unauthenticated Account Sync via Untrusted Signin Dialog

Previous Page 142 of 175 Next

Details

Vulnerabilities 4,374

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy