VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 38 of 121
  • CVE-2017-2297HigFeb 1, 2018
    risk 0.49cvss 7.5epss 0.01

    Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default…

  • CVE-2015-6926HigJan 19, 2018
    risk 0.49cvss 7.5epss 0.01

    The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

  • CVE-2017-12316HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login…

  • CVE-2017-12281HigNov 2, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and…

  • CVE-2017-5635HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.03

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

  • CVE-2017-15297HigOct 16, 2017
    risk 0.49cvss 7.5epss 0.03

    SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.

  • CVE-2017-14972HigOct 9, 2017
    risk 0.49cvss 7.5epss 0.01

    InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.

  • CVE-2017-14766HigSep 27, 2017
    risk 0.49cvss 7.5epss 0.02

    The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.

  • CVE-2017-9803HigSep 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g.…

  • CVE-2014-9624HigSep 12, 2017
    risk 0.49cvss 7.5epss 0.03

    CAPTCHA bypass vulnerability in MantisBT before 1.2.19.

  • CVE-2017-7920HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.03

    An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access…

  • CVE-2017-1000068HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.02

    TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.

  • CVE-2016-8951HigJul 13, 2017
    risk 0.49cvss 7.5epss 0.03

    IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838.

  • CVE-2017-8495HigJul 11, 2017
    risk 0.49cvss 7.5epss 0.05

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to…

  • CVE-2017-7660HigJul 7, 2017
    risk 0.49cvss 7.5epss 0.06

    Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe…

  • CVE-2017-1264HigJul 5, 2017
    risk 0.49cvss 7.5epss 0.02

    IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.

  • CVE-2015-2800HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving…

  • CVE-2017-5237HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

  • CVE-2016-1888HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.02

    The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."

  • CVE-2016-7141HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.08

    curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no…