CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,377 vulnerabilities with CWE-287
CVE-2004-2182
Macromedia JRun 4.0 - Info Disclosure
CVE-2004-2715
PHPMyChat 0.14.5 - Improper Authentication via do_not_login Parameter
CVE-2004-2724
LionMax Software Chat Anywhere 2.72a - Denial of Service via Malformed Username
CVE-2004-2734
Novell NetWare 6.5 - Unauthenticated Access Control Bypass via Inconsistent Alias Tag Case
CVE-2004-2736
Polar HelpDesk 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
CVE-2004-1760
Cisco Emergency Responder - Unauthenticated Administrator Access via IBM Director Agent
CVE-2003-1574
TikiWiki 1.6.1 - Authentication Bypass via Remember Me Feature
CVE-2003-1570
IBM Tivoli Storage Manager 5.1.x 5.2.x < 5.2.1.2 6.x < 6.1 - Unauthenticated Server Console Session Exposure
CVE-2003-1343
Trend Micro ScanMail < 3.8 - Improper Authentication via Backdoor Account
CVE-2003-1433
Unreal Engine 226f-436 - Improper Authentication via Challenge Key Validation Bypass
CVE-2003-1434
login_ldap 3.1 and 3.2 - Unauthenticated LDAP Bind Access
CVE-2003-1442
Ericsson HM220dp ADSL Modem - Unauthenticated Web Administration Access
CVE-2003-1475
Netbus 1.5-1.7 - Unauthenticated Remote Access via Multiple Client Connections
CVE-2003-1489
Truegalerie 1.0 - Unauthenticated Arbitrary File Read via File Cookie
CVE-2003-0216
Cisco CATOS 7.5(1) - Unauthenticated Authentication Bypass
CVE-2002-2438 HIGH
Linux Kernel < 2.4.20 - TCP Firewall Bypass via SYN Packet Flag Manipulation
CVSS 7.5
CVE-2002-2427
GoAhead WebServer < 2.1.1 - Unauthenticated Authentication Bypass via Extra Slash in URL
CVE-2002-2279
aldap 0.09 - Improper Authentication via Bind Function
CVE-2002-2397
Sygate Personal Firewall 5.0 - Firewall Filter Bypass via Spoofed Loopback Address
CVE-2002-2417
acFTP 1.4 - Improper Authentication
CVE-2002-0507
Microsoft Exchange Server - Authentication Bypass via Repeated OWA Requests
CVE-2002-0563
Oracle 9i Application Server 1.0.2.x - Unauthenticated Access to Sensitive Services
CVE-2001-1585
OpenSSH 2.3.1 - Improper Authentication via Public Key Bypass
CVE-2001-0537
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
CVE-1999-0987
Windows NT - Improper Authentication via Domain Name with Trailing Space