CWE-287
Improper Authentication
Class · Draft · Likelihood: High
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (1,670)
Page 7 of 84

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2017-8861 | Cri | 0.64 | 9.8 | 0.01 | Nov 22, 2017 | Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. | |
| CVE-2017-16566 | Cri | 0.64 | 9.8 | 0.01 | Nov 17, 2017 | On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. | |
| CVE-2017-16634 | Cri | 0.64 | 9.8 | 0.00 | Nov 10, 2017 | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | |
| CVE-2017-2864 | Cri | 0.64 | 9.8 | 0.01 | Nov 7, 2017 | An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability. | |
| CVE-2017-1000154 | Cri | 0.64 | 9.8 | 0.01 | Nov 3, 2017 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. | |
| CVE-2017-15295 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2017 | Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064. | |
| CVE-2017-15293 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2017 | Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064. | |
| CVE-2016-5791 | Cri | 0.64 | 9.8 | 0.00 | Oct 13, 2017 | An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | |
| CVE-2017-14003 | Cri | 0.64 | 9.8 | 0.01 | Oct 11, 2017 | An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | |
| CVE-2016-8937 | Cri | 0.64 | 9.8 | 0.00 | Oct 5, 2017 | The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. | |
| CVE-2017-12819 | Cri | 0.64 | 9.8 | 0.00 | Oct 4, 2017 | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | |
| CVE-2017-12236 | Cri | 0.64 | 9.8 | 0.03 | Sep 29, 2017 | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008. | |
| CVE-2017-12229 | Cri | 0.64 | 9.8 | 0.09 | Sep 29, 2017 | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036. | |
| CVE-2017-14080 | Cri | 0.64 | 9.8 | 0.03 | Sep 22, 2017 | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | |
| CVE-2017-7649 | Cri | 0.64 | 9.8 | 0.00 | Sep 11, 2017 | The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address. | |
| CVE-2015-3442 | Cri | 0.64 | 9.8 | 0.02 | Sep 7, 2017 | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | |
| CVE-2015-7746 | Cri | 0.64 | 9.8 | 0.01 | Sep 1, 2017 | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | |
| CVE-2017-12698 | Cri | 0.64 | 9.8 | 0.05 | Aug 30, 2017 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | |
| CVE-2015-1401 | Cri | 0.64 | 9.8 | 0.02 | Aug 28, 2017 | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | |
| CVE-2016-4460 | Cri | 0.64 | 9.8 | 0.01 | Aug 22, 2017 | Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | |