CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 76 of 121| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7007 | 0.03 | — | 0.03 | Aug 19, 2009 | Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1. | |||
| CVE-2008-6965 | 0.03 | — | 0.03 | Aug 13, 2009 | AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3)… | |||
| CVE-2008-6939 | 0.03 | — | 0.03 | Aug 12, 2009 | TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | |||
| CVE-2008-6919 | 0.03 | — | 0.03 | Aug 10, 2009 | profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin." | |||
| CVE-2008-6916 | 0.03 | — | 0.04 | Aug 7, 2009 | Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | |||
| CVE-2009-2642 | 0.03 | — | 0.02 | Jul 28, 2009 | index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13. | |||
| CVE-2008-6864 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6863 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6862 | 0.03 | — | 0.03 | Jul 14, 2009 | Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6861 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6860 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6859 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6858 | 0.03 | — | 0.03 | Jul 14, 2009 | Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6857 | 0.03 | — | 0.03 | Jul 14, 2009 | Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6856 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2008-6855 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. | |||
| CVE-2008-6854 | 0.03 | — | 0.03 | Jul 14, 2009 | Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. | |||
| CVE-2009-2328 | 0.03 | — | 0.01 | Jul 5, 2009 | admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter. | |||
| CVE-2009-2233 | 0.03 | — | 0.03 | Jun 26, 2009 | The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1. | |||
| CVE-2009-2231 | 0.03 | — | 0.03 | Jun 26, 2009 | MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. |
- CVE-2008-7007Aug 19, 2009risk 0.03cvss —epss 0.03
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
- CVE-2008-6965Aug 13, 2009risk 0.03cvss —epss 0.03
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3)…
- CVE-2008-6939Aug 12, 2009risk 0.03cvss —epss 0.03
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
- CVE-2008-6919Aug 10, 2009risk 0.03cvss —epss 0.03
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
- CVE-2008-6916Aug 7, 2009risk 0.03cvss —epss 0.04
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
- CVE-2009-2642Jul 28, 2009risk 0.03cvss —epss 0.02
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
- CVE-2008-6864Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute Live Support .NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6863Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6862Jul 14, 2009risk 0.03cvss —epss 0.03
Absolute Content Rotator 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6861Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6860Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6859Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6858Jul 14, 2009risk 0.03cvss —epss 0.03
Absolute Banner Manager .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6857Jul 14, 2009risk 0.03cvss —epss 0.03
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6856Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2008-6855Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie.
- CVE-2008-6854Jul 14, 2009risk 0.03cvss —epss 0.03
Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
- CVE-2009-2328Jul 5, 2009risk 0.03cvss —epss 0.01
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
- CVE-2009-2233Jun 26, 2009risk 0.03cvss —epss 0.03
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
- CVE-2009-2231Jun 26, 2009risk 0.03cvss —epss 0.03
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.