CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287
CVE-2008-6857
Absolute Podcast .NET 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6856
Absolute News Manager.NET 5.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6855
Xigla Absolute News Feed 1.0 and possibly 1.5 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6854
Xigla Absolute FAQ Manager.NET 6.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6816
Eaton Network Shutdown Module < 3.10 Build 13 - Remote Code Execution via Custom Action
CVE-2008-6815
myktools 2.4 - Unauthenticated Database Backup Exposure via mykdownload.php
CVE-2008-6804
Tribiq CMS 5.0.9a beta - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6763
Silentum LoginSys 1.0.0 - Unauthenticated Authentication Bypass via logged_in Cookie
CVE-2008-6743
RSMScript 1.21 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6739
Todd Woolums ASP Download 1.03 - Unauthenticated Privilege Escalation via setupdownload.asp
CVE-2008-6738
MyShoutPro 1.2 - Unauthenticated Authentication Bypass via admin_access Cookie
CVE-2008-6723
TurnkeyForms Entertainment Portal 2.0 - Unauthenticated Authentication Bypass via adminLogged Cookie
CVE-2008-6719
U&M Software Event Lister (JustListIt) 1.0 - Unauthenticated Access to Admin Scripts
CVE-2008-6718
U&M Software JustBookIt 1.0 - Unauthenticated Improper Authentication in Admin Scripts
CVE-2008-6717
U&M Software Signup 1.0 and 1.1 - Unauthenticated Improper Authentication in Admin Directory
CVE-2008-6716
Pre ADS Portal < 2.0 - Unauthenticated Improper Authentication in Admin Home Page
CVE-2008-6714
xeCMS <= 1.0.0 RC2 - Unauthenticated Authentication Bypass via xecms_username Cookie
CVE-2008-6707
Avaya SIP Enablement Services 3.x-4.0 - Unauthenticated Sensitive Information Exposure
CVE-2008-6667
A+ PHP Scripts News Management System - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6664
SH-News 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2008-6581
PhpAddEdit 1.3 - Unauthenticated Authentication Bypass via addedit Cookie
CVE-2008-6569
Cybozu Garoon 2.0.0-2.1.3 - Session Fixation via Login Page Session ID
CVE-2008-6553
Micro CMS 0.3.5 - Unauthenticated Administrative Account Manipulation
CVE-2008-6523
openInvoice 0.90 beta and earlier - Unauthenticated Authentication Bypass via oiauth Cookie
CVE-2008-6455
Edikon phpShop 0.8.1 - Session Fixation
Details
Vulnerabilities 4,376
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits