VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 16 of 121
  • CVE-2016-2403CriFeb 7, 2017
    risk 0.64cvss 9.8epss 0.03

    Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

  • CVE-2017-2768CriFeb 3, 2017
    risk 0.64cvss 9.8epss 0.04

    EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited…

  • CVE-2017-2767CriFeb 3, 2017
    risk 0.64cvss 9.8epss 0.06

    EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be…

  • CVE-2016-4322CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.

  • CVE-2016-2944CriNov 30, 2016
    risk 0.64cvss 9.8epss 0.02

    IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

  • CVE-2016-6452CriNov 3, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2…

  • CVE-2016-6397CriOct 28, 2016
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to…

  • CVE-2016-5686CriOct 5, 2016
    risk 0.64cvss 9.8epss 0.05

    Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

  • CVE-2016-5086CriOct 5, 2016
    risk 0.64cvss 9.8epss 0.05

    Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.

  • CVE-2016-0883CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another…

  • CVE-2016-1279CriSep 9, 2016
    risk 0.64cvss 9.8epss 0.03

    J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4,…

  • CVE-2016-7112CriSep 6, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03;…

  • CVE-2016-4503CriJul 12, 2016
    risk 0.64cvss 9.8epss 0.03

    Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

  • CVE-2016-0916CriJun 10, 2016
    risk 0.64cvss 9.8epss 0.08

    EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.

  • CVE-2016-4422CriMay 6, 2016
    risk 0.64cvss 9.8epss 0.02

    The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

  • CVE-2016-1387CriMay 5, 2016
    risk 0.64cvss 9.8epss 0.02

    The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make…

  • CVE-2016-0733CriApr 12, 2016
    risk 0.64cvss 9.8epss 0.03

    The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.

  • CVE-2016-2245CriMar 19, 2016
    risk 0.64cvss 9.8epss 0.06

    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

  • CVE-2016-1329CriMar 3, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…

  • CVE-2015-6314CriJan 15, 2016
    risk 0.64cvss 9.8epss 0.03

    Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.