Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Ushahidi Platform < 2.5 - Unauthenticated Report Creation and Comment Organization via API

Ushahidi Platform < 2.5 - Unauthenticated Email API Access

BreakingPoint Storm <3.0 - Info Disclosure

Ruby on Rails 3.x < 3.0.16, 3.1.x < 3.1.7, 3.2.x < 3.2.7 - Denial of Service via Digest Authentication String Conversion

Cisco AnyConnect Secure Mobility Client 3.0-3.0.08066 - Improper Authentication via Crafted Certificate

Puppet < 2.7.18 and Puppet Enterprise < 2.5.2 - Improper Authentication via IP Address Spoofing

Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action

AirDroid 1.0.4 beta - Improper Authentication via Weak Default Password

AirDroid 1.0.4 beta - Improper Authentication via Password Hash Replay

ViewVC < 1.1.15 - Improper Authentication

SMC SMC8024L2 Switch - Unauthenticated Authentication Bypass via Direct HTML File Access

Mahara <1.4.2 - Auth Bypass

Symantec Message Filter 6.3 - Session Fixation

RSA Access Manager Agent and Server - Improper Session Token Validation

MantisBT < 1.2.9 - Unauthenticated Authentication Bypass via Null Password

strongSwan 4.2.0-4.6.3 - Authentication Bypass via Empty or Zeroed RSA Signature

Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication

IBM WebSphere App Server <7.0.0.23 - Auth Bypass

Red Hat Satellite 5.4 - Unauthenticated Denial of Service via Package Upload

Bradford Network Sentry <5.3.3 - Info Disclosure

aptdaemon < 0.43 - Unauthenticated Arbitrary Package Installation via Man-in-the-Middle

Xelex MobileTrack < 2.3.7 - Unauthenticated Command Execution via SMS

Apple Mac OS X <10.7.4 - Info Disclosure

Cisco Adaptive Security Appliance Software 7.2-8.4 - Improper Authentication

Cisco Small Business IP Phone Firmware < 7.4.9 - Unauthenticated Push XML Request Handling

Previous Page 150 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy