VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 61 of 121
  • CVE-2025-10288MedSep 12, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate the attack remotely. The…

  • CVE-2025-8964MedAug 14, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit…

  • CVE-2025-5876MedJun 9, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit…

  • CVE-2025-5872MedJun 9, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-5871MedJun 9, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The…

  • CVE-2025-5437MedJun 2, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the…

  • CVE-2025-22232MedApr 10, 2025
    risk 0.34cvss 5.3epss 0.00

    Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: * You have Spring Vault on the classpath of your Spring Cloud Config Server and…

  • CVE-2025-2344MedMar 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched…

  • CVE-2024-5174MedFeb 24, 2025
    risk 0.34cvss epss 0.00

    A flaw in Gliffy results in broken authentication through the reset functionality of the application.

  • CVE-2024-10620MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack…

  • CVE-2024-44202MedSep 17, 2024
    risk 0.34cvss 5.3epss 0.01

    An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

  • CVE-2023-25790MedApr 24, 2024
    risk 0.34cvss 5.3epss 0.01

    Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.

  • CVE-2024-2244MedMar 27, 2024
    risk 0.34cvss 5.3epss 0.00

    REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations.

  • CVE-2022-44595MedMar 21, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.

  • CVE-2023-4939MedOct 21, 2023
    risk 0.34cvss 5.3epss 0.01

    The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID…

  • CVE-2022-43690MedNov 14, 2022
    risk 0.34cvss 6.3epss 0.01

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.

  • CVE-2018-10825MedMay 15, 2018
    risk 0.34cvss 5.3epss 0.00

    Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack.

  • CVE-2017-15272MedNov 15, 2017
    risk 0.34cvss 5.3epss 0.01

    The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data.…

  • CVE-2017-6781MedAug 17, 2017
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The…

  • CVE-2026-4583MedMar 23, 2026
    risk 0.33cvss 5.0epss 0.00

    A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the…