VYPR

CWE-287

Improper Authentication

Abstraction: Class · Status: Draft · Likelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 7 of 121
  • CVE-2024-12287 · Critical · Dec 18, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers…

  • CVE-2024-11015 · Critical · Dec 12, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information.…

  • CVE-2020-36832 · Critical · Oct 16, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via…

  • CVE-2024-41798 · Critical · Oct 8, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by…

  • CVE-2024-5432 · Critical · Jun 20, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated…

  • CVE-2024-37019 · Critical · Jun 3, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

  • CVE-2024-3263 · Critical · May 14, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks.…

  • CVE-2023-51484 · Critical · Apr 25, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8.

  • CVE-2023-51482 · Critical · Apr 25, 2024
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2.

  • CVE-2023-51478 · Critical · Apr 25, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.

  • CVE-2023-51477 · Critical · Apr 24, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60.

  • CVE-2023-51472 · Critical · Apr 24, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7.

  • CVE-2024-1148 · Critical · Mar 21, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.

  • CVE-2024-1147 · Critical · Mar 21, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.

  • CVE-2023-49340 · Critical · Mar 9, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.

  • CVE-2023-2437 · Critical · Nov 22, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.07

    The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers…

  • CVE-2023-4669 · Critical · Sep 14, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0.

  • CVE-2023-2499 · Critical · May 16, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for…

  • CVE-2023-2297 · Critical · Apr 27, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…

  • CVE-2023-24831 · Critical · Apr 17, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.
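Several of the entries above share one shape: a social-login or checkout handler picks the local account from identity data the caller supplied (an email or user id in the request) and never proves that claim against the identity provider, or skips the null check on the access token (CVE-2024-11015, CVE-2023-2437, CVE-2023-2499, CVE-2024-5432). The following is an added, constructed illustration of that pattern and its fix; it is not code from any plugin listed on this page. Every name in it (USERS, PROVIDER_TOKENS, LINKED_ACCOUNTS, the token strings and email addresses) is made up, and the provider's token-info call is replaced by an in-memory dict so the block runs offline.

```python
from typing import Optional

# Constructed local user table (id -> record); not data from any real site.
USERS = {
    1: {"email": "admin@example.com", "role": "administrator"},
    2: {"email": "alice@example.com", "role": "subscriber"},
}

# Constructed stand-in for the identity provider's token-info endpoint:
# access token -> claims the provider vouches for. A real handler would make
# a server-to-server call here; the dict keeps the example offline.
PROVIDER_TOKENS = {
    "tok-alice": {"sub": "idp-1002", "email": "alice@example.com", "email_verified": True},
}

# Account links established at signup: provider subject -> local user id.
LINKED_ACCOUNTS = {"idp-1002": 2}


def authenticate_user_vulnerable(access_token: Optional[str], user_info: Optional[dict]) -> Optional[int]:
    """Vulnerable pattern (hypothetical): the local account is chosen by an
    email taken from caller-supplied user_info, and the only check is that
    user_info is not None. A null access token is never noticed, so the
    request body alone decides who gets logged in."""
    if user_info is None:
        return None
    email = user_info.get("email")
    for uid, rec in USERS.items():
        if rec["email"] == email:
            return uid  # a session would be created for uid here
    return None


def authenticate_user_hardened(access_token: Optional[str], user_info: Optional[dict]) -> Optional[int]:
    """Hardened pattern: identity comes only from claims the provider
    confirmed for this token; caller-supplied user_info is ignored. A
    missing or unknown token, or an unverified email, fails closed."""
    if not access_token:
        return None
    claims = PROVIDER_TOKENS.get(access_token)
    if claims is None:
        return None
    if not claims.get("email_verified", False):
        return None
    # Link on the provider's stable subject id, not on the email string,
    # so an attacker controlling a same-email account elsewhere gains nothing.
    return LINKED_ACCOUNTS.get(claims["sub"])


def run_scenarios() -> dict:
    """Exercise both handlers with the same requests; returns resulting user ids
    (None means the login was refused)."""
    forged = {"email": "admin@example.com"}  # attacker-chosen body, no real token
    return {
        "vuln_forged": authenticate_user_vulnerable(None, forged),
        "hard_forged": authenticate_user_hardened(None, forged),
        "hard_bad_token": authenticate_user_hardened("tok-forged", forged),
        "hard_legit": authenticate_user_hardened("tok-alice", None),
    }


if __name__ == "__main__":
    for name, uid in run_scenarios().items():
        print(f"{name}: {'denied' if uid is None else 'logged in as user ' + str(uid)}")
```

The vulnerable handler logs the forged request in as user 1 (the administrator) with no token at all; the hardened one refuses it, refuses an unknown token, and admits the legitimate token only via the subject id it was linked to at signup. When reviewing a real handler, the checks to look for are exactly these three: token presence, token validity confirmed by the provider rather than by the client, and account selection keyed on a provider-issued identifier rather than on a value the caller can choose.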