CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-46170 HIGH
CodeIgniter <4.2.10 - Info Disclosure
CVSS 8.6
CVE-2022-23540 MEDIUM
jsonwebtoken <=8.5.1 - Signature Validation Bypass via Default 'none' Algorithm
CVSS 6.4
CVE-2022-23541 MEDIUM
jsonwebtoken <= 8.5.1 - Improper Authentication via Algorithm Confusion
CVSS 5.0
CVE-2022-46316 CRITICAL
HarmonyOS < 2.1 - Improper Authentication
CVSS 9.8
CVE-2022-46313 MEDIUM
Sensor Privacy Module - Auth Bypass
CVSS 5.3
CVE-2022-41590 MEDIUM
HarmonyOS - Improper Authentication via Setup Wizard Bypass
CVSS 5.5
CVE-2022-46400 MEDIUM
Microchip RN4870 <1.43 - Auth Bypass
CVSS 5.4
CVE-2022-42453 MEDIUM
HCL BigFix Platform 9.5.0-9.5.20 - Insufficient Authentication Warning for Fixlet Import
CVSS 6.9
CVE-2022-3875 HIGH
Click Studios Passwordstate - Auth Bypass
CVSS 7.3
CVE-2022-47209 HIGH
Netgear RAX30 Firmware <= 1.0.9.90 - Backdoor Account
CVSS 8.8
CVE-2022-47408 CRITICAL
fp_newsletter <1.1.1, 1.2.0, 2.x<2.1.2, 2.2.1-2.4.0, 3.x<3.2.6 - CAPTCHA Bypass
CVSS 9.1
CVE-2022-23501 MEDIUM
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Improper Authentication via Username Ambiguity
CVSS 5.9
CVE-2022-2757 CRITICAL
Kingspan TMS300 CS Firmware - Unauthenticated Settings Modification via Webserver URL
CVSS 9.8
CVE-2022-25685 HIGH
Qualcomm Multiple Chips - DoS via Modem Error Handling
CVSS 7.5
CVE-2022-23505 MEDIUM
passport-wsfed-saml2 < 4.6.3 - Authentication Bypass via IDP Signed Assertion
CVSS 5.3
CVE-2022-29838 MEDIUM
Western Digital My Cloud OS < 5.25.124 - Improper Authentication in Encrypted Volumes and Auto Mount Features
CVSS 4.3
CVE-2022-2752 MEDIUM
Secomea GateManager 9.4-9.7 - Improper Authentication via Failed Login Condition
CVSS 5.5
CVE-2022-46829 HIGH
JetBrains Gateway <2022.3 - Auth Bypass
CVSS 7.1
CVE-2022-45877 HIGH
OpenHarmony 3.1-3.1.4 - Cleartext Transmission of Sensitive Information via Cross-Device Authentication
CVSS 8.3
CVE-2022-45118 MEDIUM
OpenHarmony 3.1-3.1.2 - Unauthenticated Personal Data Exposure via Telephony Public Events
CVSS 6.2
CVE-2022-39901 MEDIUM
Samsung Exynos Firmware - Improper Authentication
CVSS 6.5
CVE-2022-39899 MEDIUM
Google Android - Authentication Bypass
CVSS 5.7
CVE-2022-42458 CRITICAL
bingo!CMS < 1.7.4.1 - Unauthenticated Authentication Bypass and Arbitrary File Upload
CVSS 9.8
CVE-2022-40966 HIGH
Buffalo network devices <1.87-<2.00 - Auth Bypass
CVSS 8.8
CVE-2022-44620 HIGH
UDR-JA1604/UDR-JA1608/UDR-JA1616 Firmware < 71x10.1.107114.43a - Authenticated OS Command Injection
CVSS 8.8