CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 70 of 121| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1080 | 0.09 | — | 0.77 | Mar 29, 2013 | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary… | |||
| CVE-2009-0695 | 0.09 | — | 0.69 | Jun 19, 2012 | hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. | |||
| CVE-2011-4051 | 0.09 | — | 0.70 | Dec 5, 2011 | CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. | |||
| CVE-2008-3466 | 0.09 | — | 0.78 | Oct 15, 2008 | Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess… | |||
| CVE-2008-0960 | 0.09 | — | 0.69 | Jun 10, 2008 | SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2;… | |||
| CVE-2015-1486 | 0.08 | — | 0.64 | Aug 1, 2015 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |||
| CVE-2014-8424 | 0.08 | — | 0.60 | Nov 28, 2014 | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||
| CVE-2014-4725 | 0.08 | — | 0.60 | Jul 27, 2014 | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in… | |||
| CVE-2010-4279 | 0.08 | — | 0.66 | Dec 2, 2010 | The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash… | |||
| CVE-2009-2936 | 0.08 | — | 0.64 | Apr 5, 2010 | The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code… | |||
| CVE-2008-4037 | 0.08 | — | 0.59 | Nov 12, 2008 | Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka… | |||
| CVE-2008-0926 | 0.08 | — | 0.58 | Mar 28, 2008 | The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or… | |||
| CVE-2001-0537 | 0.08 | — | 0.68 | Jul 21, 2001 | HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||
| CVE-2020-17523 | — | Cri | 0.07 | 9.8 | 0.86 | Feb 3, 2021 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | |
| CVE-2012-6274 | 0.07 | — | 0.47 | Feb 24, 2013 | BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | |||
| CVE-2013-0209 | 0.07 | — | 0.45 | Jan 23, 2013 | lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated… | |||
| CVE-2012-2626 | 0.07 | — | 0.44 | Jul 31, 2012 | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | |||
| CVE-2012-6066 | 0.06 | — | 0.40 | Dec 4, 2012 | freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | |||
| CVE-2012-5975 | 0.06 | — | 0.36 | Dec 4, 2012 | The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a… | |||
| CVE-2012-3137 | 0.06 | — | 0.31 | Sep 21, 2012 | The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to… |
- CVE-2013-1080Mar 29, 2013risk 0.09cvss —epss 0.77
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary…
- CVE-2009-0695Jun 19, 2012risk 0.09cvss —epss 0.69
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
- CVE-2011-4051Dec 5, 2011risk 0.09cvss —epss 0.70
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
- CVE-2008-3466Oct 15, 2008risk 0.09cvss —epss 0.78
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess…
- CVE-2008-0960Jun 10, 2008risk 0.09cvss —epss 0.69
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2;…
- CVE-2015-1486Aug 1, 2015risk 0.08cvss —epss 0.64
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
- CVE-2014-8424Nov 28, 2014risk 0.08cvss —epss 0.60
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
- CVE-2014-4725Jul 27, 2014risk 0.08cvss —epss 0.60
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in…
- CVE-2010-4279Dec 2, 2010risk 0.08cvss —epss 0.66
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash…
- CVE-2009-2936Apr 5, 2010risk 0.08cvss —epss 0.64
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code…
- CVE-2008-4037Nov 12, 2008risk 0.08cvss —epss 0.59
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka…
- CVE-2008-0926Mar 28, 2008risk 0.08cvss —epss 0.58
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or…
- CVE-2001-0537Jul 21, 2001risk 0.08cvss —epss 0.68
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
- risk 0.07cvss 9.8epss 0.86
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
- CVE-2012-6274Feb 24, 2013risk 0.07cvss —epss 0.47
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
- CVE-2013-0209Jan 23, 2013risk 0.07cvss —epss 0.45
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated…
- CVE-2012-2626Jul 31, 2012risk 0.07cvss —epss 0.44
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
- CVE-2012-6066Dec 4, 2012risk 0.06cvss —epss 0.40
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
- CVE-2012-5975Dec 4, 2012risk 0.06cvss —epss 0.36
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a…
- CVE-2012-3137Sep 21, 2012risk 0.06cvss —epss 0.31
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to…