VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 40 of 121
  • CVE-2018-12472HigOct 4, 2018
    risk 0.48cvss 7.3epss 0.02

    A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

  • CVE-2017-7930HigAug 25, 2017
    risk 0.48cvss 7.4epss 0.02

    An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.

  • CVE-2017-2101HigApr 28, 2017
    risk 0.48cvss 7.3epss 0.01

    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.

  • CVE-2017-6967HigMar 17, 2017
    risk 0.48cvss 7.3epss 0.01

    xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

  • CVE-2016-1502HigFeb 7, 2017
    risk 0.48cvss 7.3epss 0.02

    NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.

  • CVE-2016-6474HigDec 14, 2016
    risk 0.48cvss 7.3epss 0.01

    A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases:…

  • CVE-2016-4860HigSep 19, 2016
    risk 0.48cvss 7.3epss 0.03

    Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify…

  • CVE-2016-0755HigJan 29, 2016
    risk 0.48cvss 7.3epss 0.09

    The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

  • CVE-2015-1772HigDec 21, 2015
    risk 0.48cvss 7.3epss 0.07

    The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to…

  • CVE-2026-10777HigJun 3, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper…

  • CVE-2026-10619HigJun 2, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be…

  • CVE-2026-10617HigJun 2, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the…

  • CVE-2026-10288HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is…

  • CVE-2026-10243HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.01

    A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2026-10167HigMay 31, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a…

  • CVE-2026-8321HigMay 11, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate…

  • CVE-2026-8216HigMay 10, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched…

  • CVE-2026-7710HigMay 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper…

  • CVE-2026-7679HigMay 3, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in…

  • CVE-2026-7042HigApr 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The…