When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2019-15796
MEDIUM
python-apt <= 1.9.3ubuntu2 - Improper Authentication in Version Hash Validation
CVSS 4.7
CVE-2019-20620
HIGH
Android - Unauthenticated Settings Modification
CVSS 7.5
CVE-2019-20618
HIGH
Samsung Android P(9.0) - Unauthenticated App Unpinning via Pin Window Feature
CVSS 7.5
CVE-2019-20565
HIGH
Samsung Android O(8.x) and P(9.0) - Unauthenticated USB Configuration Change
CVSS 7.5
CVE-2019-20533
LOW
Samsung Android N(7.x) O(8.x) P(9.0) - Unauthenticated App Launch via S Secure
CVSS 3.3
CVE-2019-20489
CRITICAL
NETGEAR WNR1000V4 1.1.0.54 - Unauthenticated Authentication Bypass via FW_remote.htm Cookie Handling
CVSS 9.8
CVE-2019-5165
HIGH
Moxa AWK-3131A Firmware 1.13 - Authentication Bypass via Hostname Processing
CVSS 7.2
CVE-2019-20481
CRITICAL
MIELE XGW 3000 ZigBee Gateway Firmware < 2.4.0 - Improper Authentication in Password Change Function
CVSS 9.8
CVE-2019-15299
HIGH
Centreon Web < 19.04.3 - Improper Authentication via Password Change
CVSS 8.8
CVE-2019-20046
CRITICAL
HUSKY RTU 6049-E70 Firmware <= 5.0 - Improper Authentication
CVSS 9.8
CVE-2019-3998
MEDIUM
SimpliSafe SS3 Firmware 1.4 - Unauthenticated Authentication Bypass via Alternate Path
CVSS 5.5
CVE-2019-14598
MEDIUM
Intel(R) CSME <14.0.10 - Privilege Escalation
CVSS 6.7
CVE-2019-6744
MEDIUM
Samsung Knox 1.2.02.39 - Unauthenticated Sensitive Information Disclosure via Secure Folder Lock Screen Bypass
CVSS 4.3
CVE-2019-20062
CRITICAL
YetiShare 3.5.2-4.5.4 - Unauthenticated Password Reset via Leaked Hash
CVSS 9.8
CVE-2019-15620
LOW
Nextcloud Talk < 6.0.4 - Unauthenticated Private Conversation Name Leak via Projects Feature
CVSS 2.7
CVE-2019-15617
MEDIUM
Nextcloud Server < 17.0.1 - Improper Authentication via Second Factor Setup
CVSS 5.4
CVE-2019-15615
MEDIUM
Nextcloud Android App < 3.9.0 - Lock Protection Bypass via System Time Manipulation
CVSS 6.1
CVE-2019-15585
CRITICAL
GitLab < 12.3.2, < 12.2.6, and < 12.1.12 - Account Takeover via SAML Validation Issue
CVSS 9.8
CVE-2019-19825
CRITICAL
TOTOLINK Realtek SDK Routers - CAPTCHA Bypass via getSanvas POST Request
CVSS 9.8
CVE-2019-3997
MEDIUM
SimpliSafe SS3 Firmware 1.0-1.3 - Unauthenticated Authentication Bypass via Rogue Keypad Pairing
CVSS 4.6
CVE-2019-19857
MEDIUM
Serpico 1.3.0 - Improper Authentication via Alternative Password Change Interface
CVSS 6.5
CVE-2019-17023
MEDIUM
Firefox < 72.0 - Denial of Service via TLS State Machine Mismanagement
CVSS 6.5
CVE-2019-19518
CRITICAL
CA Automic Sysload 5.6.0-6.1.2 - Unauthenticated Remote Code Execution via File Server Port
CVSS 9.8
CVE-2019-20360
HIGH
GiveWP < 2.5.5 - Unauthenticated Authentication Bypass via API Key Manipulation
CVSS 7.5
CVE-2019-6854
HIGH
EcoStruxure Geo SCADA Expert <1 Jan 2019 - Improper Authentication
CVSS 7.8
Details
Vulnerabilities: 4,372
Exploit Likelihood: High