CWE-287
Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-114 · CAPEC-115 · CAPEC-151 · CAPEC-194 · CAPEC-22 · CAPEC-57 · CAPEC-593 · CAPEC-633 · CAPEC-650 · CAPEC-94
CVEs mapped to this weakness (2,419)
page 87 of 121| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1128 | Hig | 0.00 | 7.5 | 0.01 | Jul 10, 2018 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and… | ||
| CVE-2018-10861 | Hig | 0.00 | 8.1 | 0.03 | Jul 10, 2018 | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | ||
| CVE-2018-1082 | — | Hig | 0.00 | 8.1 | 0.02 | Apr 4, 2018 | A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. | |
| CVE-2017-6199 | Cri | 0.00 | 9.8 | 0.03 | Feb 6, 2018 | A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. | ||
| CVE-2015-6389 | 0.00 | — | 0.03 | Dec 13, 2015 | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | |||
| CVE-2015-7285 | 0.00 | — | 0.01 | Nov 25, 2015 | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | |||
| CVE-2015-1810 | 0.00 | — | 0.02 | Oct 16, 2015 | The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | |||
| CVE-2015-7361 | 0.00 | — | 0.03 | Oct 15, 2015 | FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via… | |||
| CVE-2015-5649 | 0.00 | — | 0.01 | Oct 8, 2015 | Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain… | |||
| CVE-2015-5372 | 0.00 | — | 0.01 | Sep 28, 2015 | The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to… | |||
| CVE-2015-6280 | 0.00 | — | 0.04 | Sep 28, 2015 | The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication,… | |||
| CVE-2015-5998 | 0.00 | — | 0.03 | Sep 14, 2015 | Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | |||
| CVE-2015-6266 | 0.00 | — | 0.02 | Aug 28, 2015 | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | |||
| CVE-2014-3612 | 0.00 | — | 0.07 | Aug 24, 2015 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.… | |||
| CVE-2015-3775 | 0.00 | — | 0.00 | Aug 16, 2015 | Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | |||
| CVE-2015-2978 | 0.00 | — | 0.01 | Jul 29, 2015 | Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||
| CVE-2015-4453 | 0.00 | — | 0.03 | Jul 5, 2015 | interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2)… | |||
| CVE-2015-1330 | 0.00 | — | 0.01 | Jul 1, 2015 | unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages… | |||
| CVE-2014-4882 | 0.00 | — | 0.02 | Jun 23, 2015 | Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | |||
| CVE-2015-2823 | 0.00 | — | 0.02 | Apr 8, 2015 | Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA… |
- risk 0.00cvss 7.5epss 0.01
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and…
- risk 0.00cvss 8.1epss 0.03
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
- risk 0.00cvss 8.1epss 0.02
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
- risk 0.00cvss 9.8epss 0.03
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
- CVE-2015-6389Dec 13, 2015risk 0.00cvss —epss 0.03
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707.
- CVE-2015-7285Nov 25, 2015risk 0.00cvss —epss 0.01
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
- CVE-2015-1810Oct 16, 2015risk 0.00cvss —epss 0.02
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
- CVE-2015-7361Oct 15, 2015risk 0.00cvss —epss 0.03
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via…
- CVE-2015-5649Oct 8, 2015risk 0.00cvss —epss 0.01
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain…
- CVE-2015-5372Sep 28, 2015risk 0.00cvss —epss 0.01
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to…
- CVE-2015-6280Sep 28, 2015risk 0.00cvss —epss 0.04
The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication,…
- CVE-2015-5998Sep 14, 2015risk 0.00cvss —epss 0.03
Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.
- CVE-2015-6266Aug 28, 2015risk 0.00cvss —epss 0.02
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
- CVE-2014-3612Aug 24, 2015risk 0.00cvss —epss 0.07
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.…
- CVE-2015-3775Aug 16, 2015risk 0.00cvss —epss 0.00
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
- CVE-2015-2978Jul 29, 2015risk 0.00cvss —epss 0.01
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."
- CVE-2015-4453Jul 5, 2015risk 0.00cvss —epss 0.03
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2)…
- CVE-2015-1330Jul 1, 2015risk 0.00cvss —epss 0.01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages…
- CVE-2014-4882Jun 23, 2015risk 0.00cvss —epss 0.02
Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.
- CVE-2015-2823Apr 8, 2015risk 0.00cvss —epss 0.02
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA…