CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 23 of 121

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0311 | — | Cri | 0.57 | 9.8 | 0.01 | | Jan 15, 2023 | Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. |
| CVE-2022-43685 | | Hig | 0.57 | 8.8 | 0.01 | | Nov 22, 2022 | CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts. |
| CVE-2022-37298 | — | Cri | 0.57 | 9.8 | 0.02 | | Oct 20, 2022 | Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring… |
| CVE-2022-36436 | — | Cri | 0.57 | 9.8 | 0.02 | | Sep 14, 2022 | OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC… |
| CVE-2022-2818 | | Cri | 0.57 | 9.8 | 0.01 | | Aug 15, 2022 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. |
| CVE-2021-43415 | — | Hig | 0.57 | 8.8 | 0.01 | | Dec 3, 2021 | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. |
| CVE-2021-43786 | | Cri | 0.57 | 9.8 | 0.02 | | Nov 29, 2021 | Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as… |
| CVE-2021-41745 | — | Cri | 0.57 | 9.8 | 0.01 | | Oct 22, 2021 | ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. |
| CVE-2021-26077 | | Hig | 0.57 | 8.8 | 0.01 | | May 10, 2021 | Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the… |
| CVE-2020-27846 | — | Cri | 0.57 | 9.8 | 0.05 | | Dec 21, 2020 | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| CVE-2020-26214 | — | Cri | 0.57 | 9.1 | 0.66 | | Nov 6, 2020 | In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication… |
| CVE-2020-17510 | — | Cri | 0.57 | 9.8 | 0.09 | | Nov 5, 2020 | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. |
| CVE-2020-2301 | | Cri | 0.57 | 9.8 | 0.02 | | Nov 4, 2020 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. |
| CVE-2020-2300 | | Cri | 0.57 | 9.8 | 0.02 | | Nov 4, 2020 | Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. |
| CVE-2020-2299 | | Cri | 0.57 | 9.8 | 0.01 | | Nov 4, 2020 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. |
| CVE-2020-24660 | — | Cri | 0.57 | 9.8 | 0.02 | | Sep 14, 2020 | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. |
| CVE-2017-18908 | — | Cri | 0.57 | 9.8 | 0.01 | | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. |
| CVE-2016-11074 | — | Cri | 0.57 | 9.8 | 0.01 | | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
| CVE-2018-21246 | — | Cri | 0.57 | 9.8 | 0.03 | | Jun 15, 2020 | Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. |
| CVE-2019-20786 | — | Cri | 0.57 | 9.8 | 0.03 | | Apr 19, 2020 | handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion. |