CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,376 vulnerabilities with CWE-287
CVE-2008-2833
le.cms < 1.4 - Unauthenticated Arbitrary File Upload via admin/upload.php
CVE-2008-2705
Sun Java System Access Manager 7.1 - Unauthenticated Authentication Bypass
CVE-2008-0960
Juniper Session and Resource Control 1.0.0-2.0.0 - Improper Authentication via SNMPv3 HMAC Length Manipulation
CVE-2008-1106
Akamai Client < 3322 - Authentication Bypass via Referer Header Spoofing
CVE-2008-2406
Sun Java ASP Server < 4.0.3 - Unauthenticated Authentication Bypass via TCP Port 5102
CVE-2008-2524
BlogPHP 2.0 - Authentication Bypass via Cookie Manipulation
CVE-2008-2528
Citrix Access Gateway Standard Edition <= 4.5.7 and Advanced Edition <= 4.5 HF2 - Authentication Bypass
CVE-2008-2516
libpam-pgsql 0.6.3 - Privilege Escalation via SIGINT Signal During Authentication
CVE-2008-0536
Cisco Service Control Engine < 3.1.0 - Denial of Service via SSH Traffic
CVE-2008-1949
GnuTLS - Denial of Service via Multiple Client Hello Messages
CVE-2008-2347
MyPicGallery 1.0 - Unauthenticated Authentication Bypass via userID Parameter
CVE-2008-2282
Internet Photoshow and Internet Photoshow SE - Unauthenticated Authentication Bypass via login_admin Cookie
CVE-2008-2298
Web Slider 0.6 - Unauthenticated Privilege Escalation via Admin Cookie
CVE-2008-2269
AustinSmoke GasTracker 1.0.0 - Unauthenticated Privilege Escalation via gastracker_admin Cookie
CVE-2008-1930
WordPress - Improper Authentication via Cookie Hash Collision
CVE-2008-1971
phShoutBox Final <1.5 - Privilege Escalation
CVE-2008-1938
Sony Mylo COM-2 Japanese <1.002 - Info Disclosure
CVE-2008-1897
Asterisk Open Source <1.2.28-1.4.19.1 - DoS
CVE-2008-1904
Cicoandcico CcMail <1.0.1 - Auth Bypass
CVE-2008-1883
Blackboard Academic Suite 7.x - Info Disclosure
CVE-2008-1868
Blog Pixel Motion - Info Disclosure
CVE-2008-1727
KnowledgeQuest 2.5 and 2.6 - Unauthenticated Arbitrary Admin Account Creation via admincheck.php
CVE-2008-1154
Cisco Unified Communications Products - Unauthenticated Remote Code Execution
CVE-2008-0555
Apache-SSL - Authentication Bypass via Malformed Distinguished Name in Client Certificate
CVE-2008-0706
HP Compaq Notebook PC BIOS <= F.26 - Authentication Bypass via Power-On Password
Details
Vulnerabilities 4,376
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits