CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,360 vulnerabilities with CWE-287
CVE-2023-34340 CRITICAL
Apache Accumulo 2.1.0 - Improper Authentication
CVSS 9.8
CVE-2023-3337 HIGH
Online Shopping System Advanced 1.0 - Improper Authentication in Admin Registration
CVSS 7.3
CVE-2023-30223 HIGH
4D Server v17 v18 v19 R7 and earlier - Improper Authentication via Crafted TCP Packets
CVSS 7.5
CVE-2023-34367 MEDIUM
Windows 7 - Blind TCP/IP Hijacking via Idle Scan Attack
CVSS 6.5
CVE-2023-2638 MEDIUM
Rockwell Automation's FactoryTalk System Services - Auth Bypass
CVSS 5.9
CVE-2023-20867 LOW KEV
VMware Tools 10.3.0-12.2.5 - Improper Authentication
CVSS 3.9
CVE-2023-30762 CRITICAL
KB-AHR and KB-IRIP Series - Improper Authentication
CVSS 9.8
CVE-2023-29129 CRITICAL
Mendix SAML Authentication Bypass via SAML Assertion
CVSS 9.1
CVE-2023-32220 HIGH
Milesight NCR/camera_firmware 71.8.0.6-r5 - Authentication Bypass
CVSS 8.2
CVE-2023-34246 MEDIUM
Doorkeeper < 5.6.6 - Improper Authentication via Public Client Auto-Approval
CVSS 4.2
CVE-2023-33553 CRITICAL
Planet Technologies WDRT-1800AX v1.01-CP21 - Privilege Escalation
CVSS 9.8
CVE-2023-32682 MEDIUM
Synapse < 1.85.0 - Improper Authentication via Uncommon Configuration
CVSS 5.4
CVE-2023-3065 CRITICAL
Mobatime mobile app <1.3.20 - Auth Bypass
CVSS 9.1
CVE-2023-3069 CRITICAL
tsolucio/corebos <8 - Info Disclosure
CVSS 9.8
CVE-2023-3028 HIGH
HopeChart HQT-401 - Unauthenticated RCE
CVSS 8.6
CVE-2023-2283 MEDIUM
libssh 0.9.1-0.9.6 - Authentication Bypass via pki_verify_data_signature Memory Allocation Error
CVSS 6.5
CVE-2023-0117 MEDIUM
Huawei EMUI - Improper Authentication in hwKitAssistant
CVSS 5.3
CVE-2023-27388 CRITICAL
Tandd Tr-71w Firmware - Incorrect Authorization
CVSS 9.8
CVE-2023-25946 HIGH
Qrio Lock (Q-SL2) Firmware < 2.0.9 - Authentication Bypass via Communication Data Analysis
CVSS 8.8
CVE-2023-2586 CRITICAL
Teltonika Remote Management System 4.14.0 - Unauthenticated Device Registration and Remote Code Execution
CVSS 9.0
CVE-2023-32347 HIGH
Teltonika Remote Management System < 4.10.0 - Improper Authentication via Device Serial Number and MAC Address
CVSS 8.1
CVE-2023-2024 CRITICAL
OpenBlue Enterprise Manager Data Collector < 3.2.5.75 - Improper Authentication
CVSS 10.0
CVE-2023-0863 HIGH
ABB Terra AC Wallbox Firmware - Improper Authentication
CVSS 8.8
CVE-2023-2706 HIGH
OTP Login Woocommerce & Gravity Forms < 2.3 - Unauthenticated Authentication Bypass via OTP Code Exposure
CVSS 8.1
CVE-2023-2499 CRITICAL
RegistrationMagic < 5.2.1.0 - Unauthenticated Authentication Bypass via Google Social Login
CVSS 9.8
Details
Vulnerabilities 4,360
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits