CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,365 vulnerabilities with CWE-287
CVE-2021-40342 HIGH
Hitachienergy FOXMAN-UN and UNEM - Use of Default Encryption Key
CVSS 7.1
CVE-2021-35252 HIGH
Serv-U FTP Server - Info Disclosure
CVSS 7.5
CVE-2021-45036 HIGH
Velneo vClient 28.1.3 - Authentication Bypass by Spoofing via Hashed Password
CVSS 8.7
CVE-2021-33159 HIGH
Intel(R) AMT < - Privilege Escalation
CVSS 7.4
CVE-2021-36369 HIGH
Dropbear <2020.81 - Privilege Escalation
CVSS 7.5
CVE-2021-40693 MEDIUM
Moodle - Authentication Bypass via External Database Type Juggling
CVSS 6.5
CVE-2021-45035 MEDIUM
Velneo vClient 28.1.3 - Improper Certificate Validation
CVSS 6.3
CVE-2021-33076 MEDIUM
Intel(R) SSD DC - Privilege Escalation
CVSS 5.3
CVE-2021-42949 CRITICAL
HotelDruid Hotel Management Software <3.0.3 - Auth Bypass
CVSS 9.8
CVE-2021-3632 HIGH
Keycloak < 15.1.0 - Unauthenticated WebAuthn Device Registration
CVSS 7.5
CVE-2021-3979 MEDIUM
Red Hat Ceph Storage - Use of a Broken or Risky Cryptographic Algorithm
CVSS 6.5
CVE-2021-4142 MEDIUM
Candlepin 3.1.0-3.1.28-2 - Authentication Bypass via SCA Certificate
CVSS 5.5
CVE-2021-3827 MEDIUM
Keycloak < 18.0.0 - Authentication Bypass via ECP Binding Flow
CVSS 6.8
CVE-2021-40874 CRITICAL
LemonLDAP::NG <2.0.13 - Info Disclosure
CVSS 9.8
CVE-2021-43116 HIGH
Nacos < 2.0.3 - Improper Authentication via Packet Manipulation
CVSS 8.8
CVE-2021-41995 HIGH
PingID Integration for Mac Login < 1.1 - MFA Bypass via RSA Misconfiguration
CVSS 7.7
CVE-2021-41506 CRITICAL
Xiongmai DVR/NVR/IP Camera Firmware - Backdoor via Static Root Credentials
CVSS 9.8
CVE-2021-41638 HIGH
MELAG FTP Server 2.2.0.4 - Unauthenticated File Access via Valid Username
CVSS 7.5
CVE-2021-26638 HIGH
S&D smarthome < 3.2.48 - Improper Authentication
CVSS 7.3
CVE-2021-26637 HIGH
SiHAS SGW-300, ACM-300, GCM-300 Firmware - Unauthenticated Remote Device Control
CVSS 8.8
CVE-2021-35094 HIGH
Snapdragon Auto- Snapdragon Compute - Privilege Escalation
CVSS 7.8
CVE-2021-4230 LOW
Airfield Online - Unauthenticated Sensitive Data Exposure via MySQL Backup Handler
CVSS 3.7
CVE-2021-30028 HIGH
SOOTEWAY Wi-Fi Range Extender v1.5 - Auth Bypass
CVSS 7.2
CVE-2021-42849 MEDIUM
Lenovo A1 Firmware < 5.3.6.a1 - Authentication Bypass
CVSS 6.8
CVE-2021-33083 MEDIUM
Intel Optane SSD and SSD DC Firmware - Improper Authentication
CVSS 4.4