CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,371 vulnerabilities with CWE-287
CVE-2020-16102 HIGH
Gallagher Command Centre < 7.90.0 - Unauthenticated Denial of Service via Invalid Configuration
CVSS 7.1
CVE-2020-29669 HIGH
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
CVSS 8.8
CVE-2020-35208 MEDIUM
LastPass 4.8.11.2403 for iOS - Authentication Bypass via Runtime Manipulation
CVSS 5.7
CVE-2020-35207 MEDIUM
LastPass 4.8.11.2403 - Improper Authentication via Runtime Manipulation
CVSS 5.7
CVE-2020-29563 CRITICAL
Western Digital My Cloud OS <5.07.118 - Auth Bypass
CVSS 9.8
CVE-2020-29668 LOW
Sympa < 6.2.59b.2 - Unauthenticated Improper Authentication via SOAP API Cookie Handling
CVSS 3.7
CVE-2020-7787 HIGH
react-adal < 0.5.1 - Improper Authentication via Empty Nonce and Session Values
CVSS 8.2
CVE-2020-26834 MEDIUM
SAP HANA Database 2.0 - Auth Bypass
CVSS 5.4
CVE-2020-27408 HIGH
OpenSIS Community Edition < 7.6 - Unauthenticated Arbitrary Password Reset via ResetUserInfo.php
CVSS 7.5
CVE-2020-7199 CRITICAL
HPE Edgeline Infrastructure Manager < 1.21 - Improper Authentication
CVSS 9.8
CVE-2020-28971 CRITICAL
Western Digital My Cloud OS 5 < 5.06.115 - Unauthenticated Authentication Bypass via Cookie
CVSS 9.8
CVE-2020-28970 CRITICAL
Western Digital My Cloud OS 5 < 5.06.115 - Unauthenticated Authentication Bypass via Cookie
CVSS 9.8
CVE-2020-28940 CRITICAL
Western Digital My Cloud OS 5 < 5.06.115 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2020-7533 CRITICAL
Schneider Electric Modicon M340 RCE via Crafted HTTP Requests
CVSS 9.8
CVE-2020-29392 MEDIUM
Estil Hill Lock Password Manager Safe <2.3 - Info Disclosure
CVSS 4.6
CVE-2020-29127 CRITICAL
Fujitsu Eternus Storage DX200 S4 Firmware < 2020-11-25 - Broken Authentication via cgi-bin/csp URI
CVSS 9.8
CVE-2020-29378 HIGH
V-SOL V1600D <2.03.69, V1600D4L <1.01.49, V1600D-MINI <1.01.48, V16...
CVSS 8.8
CVE-2020-28333 CRITICAL
Barco wePresent WiPG-1600W Firmware 2.5.1.8 - Authentication Bypass via SEID Token Exposure
CVSS 9.8
CVE-2020-7378 CRITICAL
OpenCRX < 5.0-20200904 - Unauthenticated Unverified Password Change
CVSS 9.1
CVE-2020-28896 MEDIUM
Mutt < 2.0.2 and NeoMutt < 2020-11-20 - Unencrypted Credential Exposure via Invalid IMAP Server Response
CVSS 5.3
CVE-2020-4771 MEDIUM
IBM Spectrum Protect Operations Center 7.1.0.000-7.1.11 - Sensitive Information Exposure via WebSocket
CVSS 5.3
CVE-2020-1778 MEDIUM
OTRS < 8.0.9 - Improper Authentication via Multiple Backends
CVSS 4.1
CVE-2020-26236 HIGH
scratchverifier < a603769 - Authentication Bypass via Verification Code Reuse
CVSS 7.5
CVE-2020-9049 HIGH
American Dynamics victor Web Client <5.6 & Software House CCURE Web Client <2.90 - DoS via JWT Bypass
CVSS 7.1
CVE-2020-27558 MEDIUM
BASETech GE-131 BT-1837836 - Info Disclosure
CVSS 6.5