Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-287

CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287

Google Chrome < 1.0.154.53 - SSL Tampering via Proxy CONNECT Response

Opera < 9.25 - Cross-Site Scripting via Proxy CONNECT Response

Apple Safari < 3.2.2 - Cross-Site Scripting via Proxy CONNECT Response

Microsoft Internet Explorer <8 - SSRF

Firefox < 3.0.10 - SSL Tampering via HTTP Host Header

Grestul 1.2 - Unauthenticated Authentication Bypass and Administrative Account Creation via Direct Request

Microsoft Internet Information Services 5.0 - Authentication Bypass via WebDAV URL Decoding

Internet Information Services 5.1 and 6.0 - Authentication Bypass via Unicode %c0%af URI Obfuscation

Ascad Networks Password Protector SD <1.3.1 - Auth Bypass

IBM DB2 <8.FP17, <9.1.FP7, <9.5.FP4 - Auth Bypass

Million Dollar Text Links 1.0 - Unauthenticated Authentication Bypass via userid Cookie

myGesuad 0.9.14 - Authenticated User Account Enumeration via Find Action

myColex 1.4.2 - Authenticated User Account Enumeration via admuser.php Find Action

pam-krb5 2.2.14-2.3.4 - Username Enumeration via Differential Password Prompts

Android 1.5-1.5 CRB42 - Improper Authentication via Shared User ID Request

TCPDB 3.8 - Unauthenticated Admin Account Creation via user/index.php

Easy Scripts Answer and Question Script - Unauthenticated Password Change via myaccount.php

Techno Dreams Job Career Package 3.0 - Unauthenticated Authentication Bypass via JobCareerAdmin Cookie

AjaxTerm < 0.10 - Session Hijacking and Denial of Service via Predictable Session ID

SquirrelMail < 1.4.18 - Session Fixation via Crafted Cookie

Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie

Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie

Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation

CVE-2009-1596 MEDIUM

Openfire < 3.6.5 - Authenticated Password Change Policy Bypass via IQ Packet

Openfire < 3.6.4 - Authenticated Password Change via Modified Username Element

Previous Page 160 of 176 Next

Details

Vulnerabilities 4,376

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy