Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,374 vulnerabilities with CWE-287

OpenStack Keystone < 2012.1.2 - Improper Authentication via X-Auth-Token Validation

IBM Lotus Notes Traveler <8.5.3.3 - Auth Bypass

Linux Kernel < 3.2.30 - Improper Authentication via Netlink Messages

NextBBS 0.6 - Unauthenticated Authentication Bypass via userkey Cookie

Condor 7.6.x < 7.6.10 and 7.8.x < 7.8.4 - Improper Authentication via Weak Directory Permissions

RSA Authentication Agent 7.1 and Authentication Client 3.5 - Authenticated Token Authentication Bypass

Oracle Database Server - Info Disclosure

iPhone OS < 6 - Unauthenticated Parental Controls Bypass via Purchase Transaction

macOS < 10.7.5 - Unauthenticated Device Enumeration via Device Management Interface

No Machine NX Web Companion <3 - RCE

Img Pals Photo Host 1.0 - Unauthenticated Administrator Activation Change via approve.php u Parameter

Webmin < 1.590 - Unauthenticated Arbitrary File Read via file/edit_html.cgi

owncloud_server - Authentication Bypass via oc_token Cookie

PacketFence < 3.2.0 - Improper Authentication via RADIUS User-Name Attribute

EMC Cloud Tiering Appliance < 9.0 - Unauthenticated GUI Admin Access via Crafted Auth File

Apache QPID <= 0.16 - Unauthenticated Authentication Bypass via NullAuthenticator

Condor < 7.8.2 - Unauthenticated Host-Based Authentication Bypass via Spoofed Reverse DNS

Websense Web Security <7.6.24 - Auth Bypass

McAfee SmartFilter Administration < 4.2.1 - Unauthenticated Remote Code Execution via JBoss RMI Interface

McAfee EWS <5.5.6 & MEG <7.0.2 - Auth Bypass

McAfee EWS <5.5.6 & MEG 7.0 <1 - Auth Bypass

libsoup <= 2.32.2 - Improper Authentication via SSL Certificate Validation Bypass

Tridium Niagara AX Framework <3.6 - Auth Bypass

Ushahidi Platform < 2.5 - Unauthenticated Report Creation and Comment Organization via API

Ushahidi Platform < 2.5 - Unauthenticated Email API Access

Previous Page 149 of 175 Next

Details

Vulnerabilities 4,374

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy