CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-22176 HIGH
PHPGurukul Hospital Management System 4.0 - Unauthenticated Sensitive Information Disclosure
CVSS 7.5
CVE-2020-24514 MEDIUM
Intel(R) RealSense(TM) - Privilege Escalation
CVSS 6.8
CVE-2020-26136 MEDIUM
SilverStripe < 4.6.0 - Improper Authentication via GraphQL Basic Authentication
CVSS 6.5
CVE-2020-15077 MEDIUM
OpenVPN Access Server <2.8.7 - Auth Bypass
CVSS 5.3
CVE-2020-14380 HIGH
Red Hat Satellite 6.7.2 - Account Takeover via External Authentication
CVSS 7.5
CVE-2020-10709 HIGH
Ansible Tower < 3.5.6 - Insufficient Session Expiration via OAuth2 Token
CVSS 7.1
CVE-2020-26558 MEDIUM
Bluetooth Core Specification 2.1-5.2 - Info Disclosure
CVSS 4.2
CVE-2020-26557 HIGH
Bluetooth Mesh <1.0.1 - Info Disclosure
CVSS 7.5
CVE-2020-26139 MEDIUM
NetBSD 7.1 - Unauthenticated EAPOL Frame Forwarding
CVSS 5.3
CVE-2020-19111 CRITICAL
Online Book Store v1.0 - Auth Bypass
CVSS 9.8
CVE-2020-21991 CRITICAL
AVE DOMINAplus <= 1.10.x - Unauthenticated Authentication Bypass via changeparams.php autologin Parameter
CVSS 9.8
CVE-2020-28973 HIGH
ABUS Secvest FUAA50000 3.01.17 - Improper Authentication
CVSS 7.5
CVE-2020-7856 HIGH
cnesty helpcom < 11.2020 - Unauthenticated OS Command Injection
CVSS 7.5
CVE-2020-35231 HIGH
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Authentication Bypass via NSDP Protocol
CVSS 8.8
CVE-2020-27838 MEDIUM
Keycloak < 13.0.0 - Unauthenticated Information Disclosure via Client Registration Endpoint
CVSS 6.5
CVE-2020-28050 CRITICAL
ManageEngine Desktop Central < 10.0.647 - Improper Authentication via Shared Agent Secret
CVSS 9.1
CVE-2020-5148 HIGH
SonicWall Directory Services Connector < 4.1.19 - Unauthenticated Password Hash Capture
CVSS 8.2
CVE-2020-26200 MEDIUM
Kaspersky Endpoint Security and Rescue Disk - Improper Authentication via Untrusted UEFI Module Loading
CVSS 6.8
CVE-2020-10254 MEDIUM
owncloud < 10.4.0 - Unauthenticated Authentication Bypass via Image Preview
CVSS 5.9
CVE-2020-27866 HIGH
NETGEAR Multiple Routers Firmware - Unauthenticated Authentication Bypass via mini_httpd
CVSS 8.8
CVE-2020-27865 HIGH
D-Link DAP-1860 Firmware < 1.04b03 - Unauthenticated Remote Code Execution via uhttpd String Matching Flaw
CVSS 8.8
CVE-2020-27863 MEDIUM
D-Link DVA-2800 and DSL-2888A - Unauthenticated Sensitive Information Disclosure via dhttpd Service
CVSS 6.5
CVE-2020-13185 MEDIUM
Teradici Cloud Access Connector <18 - Auth Bypass
CVSS 6.5
CVE-2020-10048 MEDIUM
SIMATIC PCS 7 and WinCC < 7.5 SP2 - Improper Authentication via Insecure Password Verification
CVSS 5.5
CVE-2020-10539 CRITICAL
epikur < 20.1.1 - Unauthenticated Backdoor Password Bypass via Hardcoded MD5 Hash
CVSS 9.8