1203 vulnerabilities classified as CWE-287 (认证机制不恰当). AI Chinese analysis included.
CWE-287 represents a critical authentication weakness where a system fails to adequately verify the identity of an actor claiming a specific identity. This flaw typically allows attackers to bypass security controls by exploiting insufficient verification mechanisms, enabling unauthorized access through stolen credentials, brute-force attacks, or session hijacking. When authentication logic is flawed, malicious entities can impersonate legitimate users, leading to severe data breaches and privilege escalation. Developers mitigate this risk by implementing robust, multi-factor authentication protocols and ensuring that identity verification processes are rigorous and resistant to common attack vectors. By strictly validating credentials against secure, hashed databases and employing adaptive security measures, organizations can significantly reduce the likelihood of unauthorized access, thereby protecting sensitive information and maintaining system integrity against sophisticated cyber threats.
my $q = new CGI; if ($q->cookie('loggedin') ne "true") { if (! AuthenticateUser($q->param('username'), $q->param('password'))) { ExitError("Error: you need to log in first"); } else { # Set loggedin and user cookies. $q->cookie( -name => 'loggedin', -value => 'true' ); $q->cookie( -name => 'user', -value => $q->param('username') ); } } if ($q->cookie('user') eq "Administrator") { DoAdministratorTasks(); }GET /cgi-bin/vulnerable.cgi HTTP/1.1 Cookie: user=Administrator Cookie: loggedin=true [body of request]| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-3825 | GNOME Display Manager 授权问题漏洞 — gdm | 5.7 | - | 2019-02-06 |
| CVE-2018-17928 | ABB CMS-770 授权问题漏洞 — CMS-770 | 4.6 | - | 2019-01-31 |
| CVE-2018-17926 | ABB M2M ETHERNET FW 授权问题漏洞 — M2M ETHERNET | 4.3 | - | 2019-01-31 |
| CVE-2018-16886 | etcd 授权问题漏洞 — etcd: | 8.1 | - | 2019-01-14 |
| CVE-2018-15721 | Logitech Harmony Hub XMPP服务器安全漏洞 — Logitech Harmony Hub | 9.8 | - | 2018-12-20 |
| CVE-2018-13804 | Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing 授权问题漏洞 — SIMATIC IT LMS, SIMATIC IT Production Suite, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing | 8.1 | - | 2018-12-13 |
| CVE-2018-14637 | Red Hat keycloak 安全漏洞 — keycloak | 5.9 | - | 2018-11-30 |
| CVE-2016-2125 | Samba 输入验证错误漏洞 — samba | 8.1 | - | 2018-10-31 |
| CVE-2018-16464 | Nextcloud Server 授权问题漏洞 — Nextcloud Server | 6.3 | - | 2018-10-30 |
| CVE-2018-16465 | Nextcloud Server 授权问题漏洞 — Nextcloud Server | 5.3 | - | 2018-10-30 |
| CVE-2018-17923 | GAIN SAGA1-L Series产品授权问题漏洞 — SAGA1-L8B | 6.4 | - | 2018-10-24 |
| CVE-2018-0435 | Cisco Umbrella API Unauthorized Access Vulnerability — Cisco Umbrella | 5.4 | - | 2018-10-05 |
| CVE-2018-12472 | Authentication bypass in sibling check — SMT | 8.2 | - | 2018-10-04 |
| CVE-2018-14826 | Entes EMG12 安全漏洞 — EMG12 | 9.8 | - | 2018-10-02 |
| CVE-2017-14026 | Ice Qube Thermal Management Center 安全漏洞 — Thermal Management Center | 7.5 | - | 2018-09-06 |
| CVE-2018-14805 | ABB eSOMS 授权问题漏洞 — ABB eSOMS | 8.1 | - | 2018-08-29 |
| CVE-2018-14786 | 多款BD产品授权问题漏洞 — Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA | 9.8 | - | 2018-08-23 |
| CVE-2017-16748 | Tridium Niagara AX Framework和Niagara 4 Framework 授权问题漏洞 — Niagara AX Framework and Niagara 4 Framework | 7.8 | - | 2018-08-20 |
| CVE-2018-3775 | Nextcloud Server 授权问题漏洞 — Nextcloud Server | 8.8 | - | 2018-08-12 |
| CVE-2017-12195 | Openshift Enterprise 授权问题漏洞 — OpenShift | 4.8 | - | 2018-07-27 |
| CVE-2018-5387 | Wizkunde SAMLBase 数据伪造问题漏洞 — SAMLBase | 7.5 | - | 2018-07-24 |
| CVE-2018-3761 | Nextcloud Server 安全漏洞 — Nextcloud Server | 9.1 | - | 2018-07-05 |
| CVE-2018-4856 | Siemens SICLOCK TC100和SICLOCK TC400 安全漏洞 — SICLOCK TC100, SICLOCK TC400 | 4.9 | - | 2018-07-03 |
| CVE-2018-0362 | Cisco 5000 Series Enterprise Network Compute System和UCS E-Series Servers 授权问题漏洞 — Cisco 5000 Series Enterprise Network Compute System and Cisco UCS E-Series Servers unknown | 7.3 | - | 2018-06-21 |
| CVE-2018-0321 | Cisco Prime Collaboration Provisioning 授权问题漏洞 — Cisco Prime Collaboration Provisioning unknown | 9.8 | - | 2018-06-07 |
| CVE-2017-7931 | ABB IP GATEWAY 安全漏洞 — ABB IP GATEWAY | 9.1 | - | 2018-06-06 |
| CVE-2018-10597 | 多款Philips产品授权问题漏洞 — IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors | 8.0 | - | 2018-06-05 |
| CVE-2018-10611 | GE MDS PulseNET和MDS PulseNET Enterprise 授权问题漏洞 — MDS PulseNET and MDS PulseNET Enterprise | 9.8 | - | 2018-06-04 |
| CVE-2018-8862 | 多款Acoustic产品授权问题漏洞 — Emergency Mass Notification Systems | 3.1 | - | 2018-05-25 |
| CVE-2018-0271 | Cisco Digital Network Architecture Center API gateway 授权问题漏洞 — Cisco Digital Network Architecture Center | 9.8 | - | 2018-05-17 |
Vulnerabilities classified as CWE-287 (认证机制不恰当) represent 1203 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.