CWE-287
Improper Authentication
ClassDraftLikelihood: High
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (1,669)
page 84 of 84| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-1475 | 0.00 | — | 0.01 | Dec 31, 2003 | Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access. | ||
| CVE-2003-0216 | 0.00 | — | 0.00 | May 12, 2003 | Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | ||
| CVE-2002-2279 | 0.00 | — | 0.01 | Dec 31, 2002 | Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | ||
| CVE-2002-2397 | 0.00 | — | 0.01 | Dec 31, 2002 | Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | ||
| CVE-2002-0507 | 0.00 | — | 0.01 | Aug 12, 2002 | An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | ||
| CVE-2001-1585 | 0.00 | — | 0.00 | Dec 31, 2001 | SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | ||
| CVE-1999-0987 | 0.00 | — | 0.06 | Nov 18, 1999 | Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | ||
| CVE-1999-0680 | 0.00 | — | 0.06 | Aug 9, 1999 | Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | ||
| CVE-1999-0366 | 0.00 | — | 0.06 | Feb 8, 1999 | In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. |