Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Consona Live Assistance, Dynamic Agent, and Subscriber Assistance - Improper Authentication via Blank Hint Fields

Moodle 1.8.x-1.9.7 - Session Fixation via Default Session ID Regeneration Setting

Support Incident Tracker < 3.51 - Unauthenticated Authentication Bypass via Empty LDAP Password

aMSN 0.98.3 - SSL Man-in-the-Middle

CA XOsoft r12.5 - Improper Authentication via SOAP Request

CA XOsoft r12.0 and r12.5 - Improper Authentication via SOAP Request

Sahana disaster management system <0.6.2.2 - Auth Bypass

Mac OS X Server < 10.6.3 - Unauthenticated LDAP Information Disclosure via Directory Binding

Mac OS X < 10.6.3 - Privilege Escalation via Directory Services Record Name Processing

DeDeCMS 5.5 GBK - Authentication Bypass via _SESSION[dede_admin_id] Parameter

OpenPNE 1.6-1.8 2.0-2.8 2.10-2.14 3.0-3.4 - Unauthenticated Simple Login Bypass via IP Address Spoofing

t3sec_saltedpw < 0.2.13 - Authentication Bypass

HP OpenView Performance Insight < 5.4 - Unauthenticated Remote Code Execution via Helpmanager Servlet

WikyBlog 1.7.3 rc2 - Session Fixation

Geo++ GNCASTER < 1.4.0.7 - Authentication Bypass via HTTP Digest Replay Attack

Geo++ GNCASTER < 1.4.0.7 - Improper Authentication via HTTP Basic Authentication Bypass

SSSD < 1.0.1 - Improper Authentication via Kerberos TGT Handling

McAfee LinuxShield <= 1.5.1 - Authenticated Privilege Escalation to Admin via Statistics Server

Wyse Device Manager 4.7.x - Unauthenticated Remote Command Execution via hagent.exe

IBM Tivoli Federated Identity Manager 6.2.0 - Authentication Bypass via OpenID OP-Identifier

CRE Loaded < 6.2.14 - Unauthenticated Authentication Bypass via PHP_SELF Manipulation

CRE Loaded < 6.2.14 - Unauthenticated Authentication Bypass via PATH_INFO Manipulation

Scripteen Free Image Hosting Script 2.3 - Unauthenticated Authentication Bypass via cookgid Cookie

Sweetphp Totalcalender - Authentication Bypass

WB News 2.1.2 - Unauthenticated Authentication Bypass via WBNEWS Cookie

Previous Page 156 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy