Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5970 vulnerabilities reference this CWE, most recent first.

GHSA-4257-QX96-MGCQ

Vulnerability from github – Published: 2025-03-21 15:31 – Updated: 2025-03-24 18:30
VLAI
Details

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-21T14:15:15Z",
    "severity": "HIGH"
  },
  "details": "Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.",
  "id": "GHSA-4257-qx96-mgcq",
  "modified": "2025-03-24T18:30:59Z",
  "published": "2025-03-21T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57490"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/NaliangzzZ/44bfcc1d9c2cf275d2b6683ca9e20980"
    },
    {
      "type": "WEB",
      "url": "https://www.ioffice.cn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4286-H47H-M5V6

Vulnerability from github – Published: 2021-10-25 19:43 – Updated: 2023-09-21 22:49
VLAI
Summary
Showdoc File Upload Vulnerability
Details

A file upload vulnerability exists in Showdoc 2.8.3, which can be exploited by an attacker to gain server privileges.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "showdoc/showdoc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41745"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-434"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-25T18:46:11Z",
    "nvd_published_at": "2021-10-22T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A file upload vulnerability exists in Showdoc 2.8.3, which can be exploited by an attacker to gain server privileges.",
  "id": "GHSA-4286-h47h-m5v6",
  "modified": "2023-09-21T22:49:27Z",
  "published": "2021-10-25T19:43:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41745"
    },
    {
      "type": "WEB",
      "url": "https://github.com/star7th/showdoc/commit/aec3df841958059c1db9ab1af25acc2af81e4e0e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/purple-WL/SHOWDOC-file-upload-vulnerability"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/star7th/showdoc"
    },
    {
      "type": "WEB",
      "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Showdoc File Upload Vulnerability"
}

GHSA-42G5-V694-J53W

Vulnerability from github – Published: 2022-05-17 01:37 – Updated: 2022-05-17 01:37
VLAI
Details

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-6452"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-27T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.",
  "id": "GHSA-42g5-v694-j53w",
  "modified": "2022-05-17T01:37:37Z",
  "published": "2022-05-17T01:37:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6452"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/57457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-42GH-H7RJ-5V3M

Vulnerability from github – Published: 2026-04-20 00:30 – Updated: 2026-04-20 00:30
VLAI
Details

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-19T23:16:34Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-42gh-h7rj-5v3m",
  "modified": "2026-04-20T00:30:13Z",
  "published": "2026-04-20T00:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6582"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/YLChen-007/f38b32a9cd0c9722e04a716ca4dbf9d5"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/791072"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358217"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358217/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-42GW-292W-C96G

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-15T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.",
  "id": "GHSA-42gw-292w-c96g",
  "modified": "2022-05-13T01:33:33Z",
  "published": "2022-05-13T01:33:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1085"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2013"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42MC-FJX6-GH46

Vulnerability from github – Published: 2022-05-02 00:09 – Updated: 2022-05-02 00:09
VLAI
Details

changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-4427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-03T22:22:00Z",
    "severity": "HIGH"
  },
  "details": "changepassword.php in Phlatline\u0027s Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.",
  "id": "GHSA-42mc-fjx6-gh46",
  "modified": "2022-05-02T00:09:50Z",
  "published": "2022-05-02T00:09:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4427"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44389"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6231"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31424"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4349"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30627"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-42MR-MFCR-7JQH

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:30
VLAI
Details

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-43557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1299",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-05T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.",
  "id": "GHSA-42mr-mfcr-7jqh",
  "modified": "2024-04-04T05:30:45Z",
  "published": "2023-07-06T19:24:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43557"
    },
    {
      "type": "WEB",
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-bodyguard-pumps-rs-232-interface-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42Q5-GVJ7-G3C2

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-42q5-gvj7-g3c2",
  "modified": "2022-05-24T19:19:07Z",
  "published": "2022-05-24T19:19:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22473"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-42VJ-QX64-FVC8

Vulnerability from github – Published: 2022-05-01 18:45 – Updated: 2025-04-09 03:53
VLAI
Details

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-6714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-17T22:05:00Z",
    "severity": "MODERATE"
  },
  "details": "DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.",
  "id": "GHSA-42vj-qx64-fvc8",
  "modified": "2025-04-09T03:53:48Z",
  "published": "2022-05-01T18:45:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6714"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41907"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html"
    },
    {
      "type": "WEB",
      "url": "http://dbmail.org/index.php?page=news\u0026id=44"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/44561"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29903"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29937"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29984"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/dbmail-dev@dbmail.org/msg09942.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28849"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019914"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1321/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-432F-98H9-V2FW

Vulnerability from github – Published: 2022-05-14 01:56 – Updated: 2022-05-14 01:56
VLAI
Details

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-12T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client\u0027s network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.",
  "id": "GHSA-432f-98h9-v2fw",
  "modified": "2022-05-14T01:56:13Z",
  "published": "2022-05-14T01:56:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7572"
    },
    {
      "type": "WEB",
      "url": "https://www.mdsec.co.uk/2018/09/advisory-cve-2018-7572-pulse-secure-client-authentication-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.