Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

IBM OmniFind Enterprise Edition 8.x/9.x - Unauthenticated Server Configuration Modification

PayPal < 3.0 - Improper Certificate Validation

Luci < 0.22.4 - Unauthenticated Authentication Bypass via Forged Ticket Cookie

IBM Tivoli Provisioning Manager 7.1.1.3 - Unauthenticated SQL Command Execution

IBM DB2 Universal Database < 9.5 - Improper Authentication via Audit Settings Bypass

Drupal OpenID Module < 6.18 and 5.x-1.4 - Authentication Bypass via Unsigned OpenID Fields

Drupal OpenID Module - Authentication Bypass via OpenID Response Nonce Reuse

Drupal <6.18 & <5.x-1.4 - Auth Bypass

Apple Mac OS X 10.6.x-10.6.4 - Unauthenticated AFP Server Shared-Folder Access Bypass

IBM FileNet P8 AE <4.0.2.7 - Info Disclosure

Microsoft IIS 5.1 on Windows XP SP3 - Directory Authentication Bypass via Crafted Request

SSSD 1.3.0 - Unauthenticated Authentication Bypass via Empty Password

libsecurity - Improper Certificate Domain Validation

zope-ldapuserfolder <2.9-1 - Privilege Escalation

Base-files <5.0.0ubuntu7.1-5.0.0ubuntu20.10.04.2 - RCE

LVM2 < 2.02.72 - Unauthenticated Denial of Service via Crafted Control Commands

IBM Tivoli Directory Server <6.0.0.8-TIV-ITDS-IF0006 - DoS

Likewise Open/CIFS <6.0.8234 - Auth Bypass

Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 - Authentication Bypass

Mahara < 1.0.15, 1.1.x < 1.1.9, 1.2.x < 1.2.5 - Unauthenticated Authentication Bypass via Empty Password

Open-FTPD < 1.2 - Unauthenticated Authentication Bypass via FTP Command Injection

Apple Mac OS X 10.5.8 - Privilege Escalation

Fujitsu e-Pares V01 L01, L03, L10, L20, L30 - Session Fixation

Cisco Scientific Atlanta WebSTAR DPC2100R2 - Unauthenticated Authentication Bypass

VMware SpringSource tc Server Runtime <6.0.20.D-6.0.25.A-SR01 - RCE

Previous Page 155 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy