When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,357 vulnerabilities with CWE-287
CVE-2023-31292
MEDIUM
Sesami CPTO <6.3.8.6 - Info Disclosure
CVSS 5.5
CVE-2023-40038
HIGH
Arris DG860A and DG1670A - Unauthenticated Remote Access via Predictable WPA2 PSK
CVSS 8.8
CVE-2023-4641
MEDIUM
shadow-utils < 4.14.0 - Password Exposure via Uncleared Memory Buffer
CVSS 4.7
CVE-2023-6155
MEDIUM
Quiz Maker WP <6.4.9.5 - Info Disclosure
CVSS 5.3
CVE-2023-31224
CRITICAL
Jamf Pro Server <10.46.1 - Auth Bypass
CVSS 9.8
CVE-2023-50714
MEDIUM
yii2-authclient < 2.2.15 - Improper Authentication via OAuth2 PKCE Implementation
CVSS 6.8
CVE-2023-49791
MEDIUM
Nextcloud Server 23.0.0-23.0.12.12, 26.0.0-26.0.8 - Improper Access Control via API Bypass
CVSS 5.4
CVE-2023-49790
MEDIUM
Nextcloud iOS Files < 4.9.2 - Improper Authentication
CVSS 4.3
CVE-2023-51708
HIGH
Bentley eB System Management Console <23.00.02.03 - Info Disclosure
CVSS 8.6
CVE-2023-6847
HIGH
GitHub Enterprise Server 3.9.0-3.9.6 - Improper Authentication Bypass via API Request
CVSS 7.5
CVE-2023-51442
HIGH
navidrome < 0.50.2 - Unauthenticated Authentication Bypass via JWT Query Parameter
CVSS 8.6
CVE-2023-6768
CRITICAL
Amazing Little Poll 1.3-1.4 - Unauthenticated Authentication Bypass via lp_admin.php adminstep Parameter
CVSS 9.4
CVE-2023-37544
HIGH
Apache Pulsar WebSocket Proxy 2.8.0-2.11.1, 3.0.0 - DoS via /pingpong
CVSS 7.5
CVE-2023-6483
CRITICAL
ADiTaaS 5.1 - Unauthenticated Improper Authentication via Backend API
CVSS 9.1
CVE-2023-6907
MEDIUM
codelyfe stupid_simple_cms < 1.2.4 - Unauthenticated Arbitrary File Deletion via File Manager
CVSS 5.4
CVE-2023-49646
MEDIUM
Zoom Meeting SDK < 5.16.5 - Authenticated Denial of Service
CVSS 6.4
CVE-2023-44252
HIGH
FortiWAN 5.1.1-5.1.2, 5.2.0-5.2.1 - Authenticated Privilege Escalation via Crafted JWT Token
CVSS 8.8
CVE-2023-45801
HIGH
Nadatel DVR 3.0.0-9.9.0 - Improper Authentication
CVSS 7.5
CVE-2023-36004
HIGH
Windows DPAPI - Privilege Escalation
CVSS 7.5
CVE-2023-36648
HIGH
ProLion CryptoSpike 3.0.15P2 - Info Disclosure, DoS
CVSS 8.2
CVE-2023-50430
MEDIUM
Goodix Fingerprint Sensor Firmware - Unauthenticated Authentication Bypass via Windows Hello Template Database Selection
CVSS 6.4
CVE-2023-45866
MEDIUM
BlueZ Bluetooth HID Hosts - Unauthenticated Keyboard Input Injection
CVSS 6.3
CVE-2023-43742
CRITICAL
Zultys MX-SE <17.0.10-16.04 - Auth Bypass
CVSS 9.8
CVE-2023-36655
CRITICAL
ProLion CryptoSpike 3.0.15P2 - Auth Bypass
CVSS 9.8
CVE-2023-6514
HIGH
Huawei AJMD-370S Firmware - Identity Authentication Bypass in Bluetooth Module
CVSS 8.8
Details
Vulnerabilities: 4,357
Exploit Likelihood: High