CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 119 of 121| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4747 | 0.00 | — | 0.03 | Sep 6, 2007 | The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require… | |||
| CVE-2007-4632 | 0.00 | — | 0.01 | Aug 31, 2007 | Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal… | |||
| CVE-2007-4548 | 0.00 | — | 0.04 | Aug 27, 2007 | The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username… | |||
| CVE-2007-4438 | 0.00 | — | 0.01 | Aug 20, 2007 | Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2007-4364 | 0.00 | — | 0.03 | Aug 15, 2007 | Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain… | |||
| CVE-2007-4203 | 0.00 | — | 0.02 | Aug 8, 2007 | Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||
| CVE-2007-3988 | 0.00 | — | 0.01 | Jul 25, 2007 | Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2007-3597 | 0.00 | — | 0.02 | Jul 6, 2007 | Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||
| CVE-2007-3184 | 0.00 | — | 0.01 | Jun 12, 2007 | Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification… | |||
| CVE-2007-3177 | 0.00 | — | 0.01 | Jun 11, 2007 | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||
| CVE-2007-3050 | 0.00 | — | 0.02 | Jun 6, 2007 | Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2007-2719 | 0.00 | — | 0.04 | May 16, 2007 | Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | |||
| CVE-2007-2555 | 0.00 | — | 0.01 | May 9, 2007 | Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site… | |||
| CVE-2007-2546 | 0.00 | — | 0.01 | May 9, 2007 | Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2007-1859 | 0.00 | — | 0.00 | May 2, 2007 | XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to… | |||
| CVE-2007-2277 | 0.00 | — | 0.01 | Apr 25, 2007 | Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2007-2243 | 0.00 | — | 0.02 | Apr 25, 2007 | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||
| CVE-2007-1949 | 0.00 | — | 0.01 | Apr 11, 2007 | Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||
| CVE-2007-1951 | 0.00 | — | 0.01 | Apr 11, 2007 | Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | |||
| CVE-2007-1952 | 0.00 | — | 0.01 | Apr 11, 2007 | Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
- CVE-2007-4747Sep 6, 2007risk 0.00cvss —epss 0.03
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require…
- CVE-2007-4632Aug 31, 2007risk 0.00cvss —epss 0.01
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal…
- CVE-2007-4548Aug 27, 2007risk 0.00cvss —epss 0.04
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username…
- CVE-2007-4438Aug 20, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
- CVE-2007-4364Aug 15, 2007risk 0.00cvss —epss 0.03
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain…
- CVE-2007-4203Aug 8, 2007risk 0.00cvss —epss 0.02
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
- CVE-2007-3988Jul 25, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2007-3597Jul 6, 2007risk 0.00cvss —epss 0.02
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
- CVE-2007-3184Jun 12, 2007risk 0.00cvss —epss 0.01
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification…
- CVE-2007-3177Jun 11, 2007risk 0.00cvss —epss 0.01
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
- CVE-2007-3050Jun 6, 2007risk 0.00cvss —epss 0.02
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2007-2719May 16, 2007risk 0.00cvss —epss 0.04
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
- CVE-2007-2555May 9, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site…
- CVE-2007-2546May 9, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2007-1859May 2, 2007risk 0.00cvss —epss 0.00
XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to…
- CVE-2007-2277Apr 25, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2007-2243Apr 25, 2007risk 0.00cvss —epss 0.02
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
- CVE-2007-1949Apr 11, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
- CVE-2007-1951Apr 11, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
- CVE-2007-1952Apr 11, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.