CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,363 vulnerabilities with CWE-287
CVE-2022-20662 MEDIUM
Cisco Duo for macOS < 2.0.0 - Unauthenticated Authentication Bypass via Smart Card Login
CVSS 6.1
CVE-2022-39254 HIGH
matrix-nio <0.20 - Privilege Escalation
CVSS 8.6
CVE-2022-39252 HIGH
matrix-rust-sdk < 0.6 - Improper Authentication via Room Key Forwarding
CVSS 8.6
CVE-2022-39250 HIGH
Matrix JavaScript SDK <19.7.0 - XSS
CVSS 8.6
CVE-2022-39264 HIGH
nheko < 0.10.2 - Improper Certificate Validation
CVSS 8.6
CVE-2022-39263 MEDIUM
next-auth < 3.0.2 - Improper Authentication via Upstash Redis Adapter Email Callback
CVSS 6.8
CVE-2022-39257 HIGH
Matrix iOS SDK <0.23.19 - Info Disclosure
CVSS 7.5
CVE-2022-39255 HIGH
Matrix iOS SDK <0.23.19 - Open Redirect
CVSS 8.6
CVE-2022-39251 HIGH
Matrix Client-Server SDK <19.7.0 - Open Redirect
CVSS 8.6
CVE-2022-39249 HIGH
Matrix Client-Server SDK <19.7.0 - Info Disclosure
CVSS 7.5
CVE-2022-39248 HIGH
Matrix Android SDK <1.5.1 - Open Redirect
CVSS 8.6
CVE-2022-39246 HIGH
Matrix Android SDK <1.5.1 - Info Disclosure
CVSS 7.5
CVE-2022-22523 HIGH
Carlo Gavazzi UWP3.0-CPY Car Park Server <2.8.3 - Auth Bypass
CVSS 7.5
CVE-2022-39245 HIGH
makedeb/mist < 0.9.5 - Authentication Bypass via PATH Variable Sudo Binary
CVSS 8.4
CVE-2022-39219 HIGH
Bifrost < 1.8.7-release - Authentication Bypass via HTTP Basic Authentication
CVSS 8.5
CVE-2022-3119 HIGH
OAuth client Single Sign On WordPress plugin < 3.0.4 - Unauthenticated Settings Update and OAuth Endpoint Hijack
CVSS 7.5
CVE-2022-35248 HIGH
Rocket.Chat < 4.7.5 - Two-Factor Authentication Bypass via CAS Login
CVSS 8.8
CVE-2022-30124 MEDIUM
Rocket.Chat Mobile App < 4.14.1.22788 - Unauthenticated Local Authentication Bypass
CVSS 6.8
CVE-2022-39238 MEDIUM
Arvados < 2.4.3 - Improper Authentication via PAM
CVSS 4.2
CVE-2022-39231 LOW
parse-server < 4.10.16 and 5.0.0-5.2.6 - Improper Authentication via Facebook/Spotify App ID Validation Bypass
CVSS 3.7
CVE-2022-40616 HIGH
IBM Maximo Asset Management 7.6.1.1-7.6.1.3 - Authentication Bypass
CVSS 8.1
CVE-2022-28321 CRITICAL
linux-pam < 1.5.2-6.1 - Authentication Bypass via Unresolvable DNS IP Address
CVSS 9.8
CVE-2022-40144 CRITICAL
Trend Micro Apex One - Authentication Bypass via Request Parameter Falsification
CVSS 9.8
CVE-2022-3218 CRITICAL
Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass
CVSS 9.8
CVE-2022-3173 MEDIUM
Snipe-IT < 6.0.10 - Improper Authentication
CVSS 4.3