CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287
CVE-2009-0280
Asp Project Management 1.0 - Auth Bypass
CVE-2009-0256
TYPO3 4.0.0-4.0.9 4.1.0-4.1.7 4.2.0-4.2.3 - Session Fixation via Frontend and Backend Authentication
CVE-2009-0030
Red Hat SquirrelMail <1.4.8 - Info Disclosure
CVE-2009-0130 HIGH
erlang - Improper Authentication via OpenSSL DSA_do_verify Return Value Mishandling
CVSS 7.5
CVE-2009-0129
libcrypt-openssl-dsa-perl - Info Disclosure
CVE-2009-0128
SLURM - Certificate Validation Bypass
CVE-2009-0127
M2Crypto - Improper Authentication via OpenSSL Signature Verification Bypass
CVE-2009-0126
BOINC <6.2.14, 6.4.5 - Info Disclosure
CVE-2009-0125
Nessus Attack Scripting Language <2.2.11 - RCE
CVE-2009-0124
ARRL tqsllib 2.0 - Improper Certificate Chain Validation via OpenSSL EVP_VerifyFinal Return Value
CVE-2009-0051
ZXID <0.29 - Certificate Validation Bypass
CVE-2009-0049
Belgian eID middleware <2.6.0 - Info Disclosure
CVE-2009-0048
OpenEvidence 1.0.6 - Info Disclosure
CVE-2009-0047
Gale <= 0.99 - Improper Authentication via OpenSSL EVP_VerifyFinal Return Value
CVE-2009-0046
Sun GridEngine <5.3 - Certificate Validation Bypass
CVE-2009-0025
BIND 9.6.0 9.5.1 9.5.0 9.4.3 and earlier - Improper Authentication via OpenSSL DSA_verify Return Value
CVE-2009-0021
NTP <4.2.4p5/4.2.5p150 - Info Disclosure
CVE-2008-7263
pyftpdlib < 0.5.0 - Unauthenticated Brute-Force Attack via Immediate Response
CVE-2008-4389
Symantec Workspace Streaming < 6.1 SP4 and AppStream 5.2.x - Improper Authentication
CVE-2008-7179
OTManager CMS 2.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-7156
ekinboard < 1.1.0 - Unauthenticated Privilege Escalation via _groups Parameter
CVE-2008-7124
zKup CMS 2.0-2.3 - Unauthenticated Privilege Escalation via Direct Admin Configuration Access
CVE-2008-7086
Maian Greetings 2.1 - Unauthenticated Authentication Bypass via mecard_admin_cookie
CVE-2008-7081
RaidSonic ICY BOX NAS 2.3.2.IB.2.RS.1 - Unauthenticated Authentication Bypass via login Parameter
CVE-2008-7051
AJ Square AJ Article - Unauthenticated Administrator Access via Direct Request
Details
Vulnerabilities 4,376
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits