VYPR

CWE-287

Improper Authentication

ClassDraftLikelihood: High

Description

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94

CVEs mapped to this weakness (2,419)

page 76 of 121
  • CVE-2008-7007Aug 19, 2009
    risk 0.03cvss epss 0.03

    Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.

  • CVE-2008-6965Aug 13, 2009
    risk 0.03cvss epss 0.03

    AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3)…

  • CVE-2008-6939Aug 12, 2009
    risk 0.03cvss epss 0.03

    TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.

  • CVE-2008-6919Aug 10, 2009
    risk 0.03cvss epss 0.03

    profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."

  • CVE-2008-6916Aug 7, 2009
    risk 0.03cvss epss 0.04

    Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.

  • CVE-2009-2642Jul 28, 2009
    risk 0.03cvss epss 0.02

    index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.

  • CVE-2008-6864Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6863Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6862Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6861Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6860Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6859Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6858Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6857Jul 14, 2009
    risk 0.03cvss epss 0.03

    Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6856Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2008-6855Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.

  • CVE-2008-6854Jul 14, 2009
    risk 0.03cvss epss 0.03

    Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.

  • CVE-2009-2328Jul 5, 2009
    risk 0.03cvss epss 0.01

    admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

  • CVE-2009-2233Jun 26, 2009
    risk 0.03cvss epss 0.03

    The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.

  • CVE-2009-2231Jun 26, 2009
    risk 0.03cvss epss 0.03

    MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.