Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Siemens WinCC flexible 2004-2008 - Unauthenticated Remote Access via TELNET Daemon

Siemens WinCC flexible - Improper Authentication via Predictable Cookie Token

Apple Mac OS X 10.7.x <10.7.3 - Privilege Escalation

Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631

Apache Tomcat 5.5.x < 5.5.34, 6.x < 6.0.33, 7.x < 7.0.12 - Access Bypass via HTTP Digest Auth

kcheckpass - Improper Authentication via PAM Service Name Manipulation

Wi-Fi Protected Setup Protocol - Improper Authentication via EAP-NACK Message Handling

Splunk < 4.2.5 - Unauthenticated Arbitrary File Read and Management Command Execution

Bugzilla < 3.4.13, < 3.6.7, < 4.0.3, <= 4.1.3 - Unauthenticated Account Creation

Cyrus IMAPd < 2.4.12 - Unauthenticated Authentication Bypass via AUTHINFO USER Command

Schneider Electric Quantum Ethernet Module Unauthenticated Password Generation

One Click Orgs < 1.2.3 - Unauthenticated Credential Theft via Autocomplete

InduSoft Web Studio 6.1 and 7.0 - Unauthenticated Remote Code Execution via CEServer Remote Agent

IBM TS3100/TS3200 <A.60 - Auth Bypass

Opengear console server <2.2.1 - Auth Bypass

Windows LDAPS - Authenticated Authentication Bypass via Revoked Certificate

ark-web a-form < 1.3.6 and 2.x < 2.0.3 - Improper Authentication

OneOrZero AIMS 2.7.0 - Unauthenticated Authentication Bypass via oozimsrememberme Cookie

Cisco ASA 7.0-7.2, 8.0-8.5 & FWSM 3.1-4.1 - TACACS+ Authentication Bypass

Cisco Firewall Services Module DoS via Authentication Request Flood

fast_cgi 0.70-0.73 - Authentication Bypass via HTTP Header Injection

IBM WebSphere Commerce <6.0.0.11 & <7.0.0.3 - Info Disclosure

Red Hat Enterprise MRG 2.0 - Improper Authentication via Logged Credentials

GNOME NetworkManager <0.8.6 - Privilege Escalation

Shibboleth OpenSAML <2.4.3, <2.5.1 - Auth Bypass

Previous Page 152 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy