
CWE-287 (Improper Authentication) — Vulnerability Class 1203

1203 vulnerabilities classified as CWE-287 (Improper Authentication). AI Chinese analysis included.

CWE-287 is a critical authentication weakness in which a system fails to adequately verify the identity of an actor claiming a specific identity. The flaw typically lets attackers bypass security controls by exploiting insufficient verification, gaining unauthorized access through stolen credentials, brute-force guessing, or session hijacking. When authentication logic is flawed, malicious actors can impersonate legitimate users, leading to severe data breaches and privilege escalation. Developers mitigate this risk by using robust, multi-factor authentication protocols and ensuring that identity verification is rigorous and resistant to common attack vectors. By validating credentials strictly against securely stored, hashed credential databases and applying adaptive security measures, organizations can significantly reduce the likelihood of unauthorized access, protecting sensitive information and preserving system integrity against sophisticated threats.

MITRE CWE Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Common Consequences (1)
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Read Application Data; Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands.
This weakness can expose resources or functionality to unintended actors, possibly providing attackers with sensitive information or even the ability to execute arbitrary code.
Mitigations (1)
Phase: Architecture and Design. Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
Examples (2)
The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to "remember" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the "Administrator" username, as recorded in the user cookie.
my $q = new CGI;

if ($q->cookie('loggedin') ne "true") {
    if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
        ExitError("Error: you need to log in first");
    }
    else {
        # Set loggedin and user cookies.
        $q->cookie(
            -name  => 'loggedin',
            -value => 'true'
        );
        $q->cookie(
            -name  => 'user',
            -value => $q->param('username')
        );
    }
}

# Trusts the client-supplied 'user' cookie without any further check.
if ($q->cookie('user') eq "Administrator") {
    DoAdministratorTasks();
}
Bad · Perl
GET /cgi-bin/vulnerable.cgi HTTP/1.1
Cookie: user=Administrator
Cookie: loggedin=true

[body of request]
Attack
In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts [REF-236]. The attacker targeted a member of Twitter's support team and was able to successfully guess the member's password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support st…
CVE ID | Title | CVSS | Severity | Published
CVE-2018-0247 | Cisco Wireless LAN Controller and Aironet Access Points authorization issue vulnerability — Cisco Wireless LAN Controller and Aironet Access Points | 4.3 | - | 2018-05-02
CVE-2017-12712 | Multiple Abbott products security vulnerability — Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI | 8.8 | - | 2018-04-25
CVE-2018-1112 | glusterfs server security vulnerability — glusterfs | 9.1 | - | 2018-04-25
CVE-2018-1106 | PackageKit security vulnerability — PackageKit | 7.1 | - | 2018-04-23
CVE-2018-0238 | Cisco Unified Computing System Director authorization issue vulnerability — Cisco UCS Director | 9.9 | - | 2018-04-19
CVE-2017-12196 | Red Hat Undertow security vulnerability — undertow | 7.4 | - | 2018-04-18
CVE-2018-3822 | Elasticsearch X-Pack Security path traversal vulnerability — X-Pack Security | 9.8 | - | 2018-03-30
CVE-2018-0163 | Cisco IOS Software authorization issue vulnerability — Cisco IOS | 6.5 | - | 2018-03-28
CVE-2018-0195 | Cisco IOS XE Software REST API authorization issue vulnerability — Cisco IOS XE | 8.8 | - | 2018-03-28
CVE-2018-5451 | Philips Alice 6 System authorization issue vulnerability — Philips Alice 6 System | 9.8 | - | 2018-03-28
CVE-2018-7532 | Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 authorization issue vulnerability — Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware | 9.8 | - | 2018-03-22
CVE-2017-14002 | GE Infinia/Infinia with Hawkeye 4 security vulnerability — GE Infinia | 9.8 | - | 2018-03-20
CVE-2017-14004 | GE security vulnerability — GE GEMNet License server aka. (EchoServer) | 9.8 | - | 2018-03-20
CVE-2017-14006 | GE Xeleris security vulnerability — GE Xeleris | 9.8 | - | 2018-03-20
CVE-2017-14008 | GE Centricity PACS RA1000 authorization issue vulnerability — GE Centricity PACS RA1000 | 9.8 | - | 2018-03-20
CVE-2017-2628 | Red Hat Enterprise Linux authorization issue vulnerability — curl | 9.8 | - | 2018-03-12
CVE-2018-0087 | Cisco Web Security Appliance FTP server security vulnerability — Cisco Web Security Appliance | 6.5 | - | 2018-03-08
CVE-2018-0121 | Cisco Elastic Services Controller Software security vulnerability — Cisco Elastic Services Controller | 9.8 | - | 2018-02-22
CVE-2018-5459 | WAGO PFC200 Series 3S CoDeSys Runtime authorization issue vulnerability — WAGO PFC200 Series | 9.8 | - | 2018-02-13
CVE-2018-1163 | Quest NetVault Backup security vulnerability — Quest NetVault Backup | 8.1 | - | 2018-02-08
CVE-2018-0116 | Cisco Policy Suite RADIUS authentication module security vulnerability — Cisco Policy Suite | 6.5 | - | 2018-02-08
CVE-2018-4835 | Siemens TeleControl Server Basic security vulnerability — TeleControl Server Basic | 5.3 | - | 2018-01-25
CVE-2018-4836 | Siemens TeleControl Server Basic security vulnerability — TeleControl Server Basic | 8.8 | - | 2018-01-25
CVE-2017-15135 | 389-ds-base authorization issue vulnerability — 389-ds-base | 8.1 | - | 2018-01-24
CVE-2017-12695 | General Motors and Shanghai OnStar iOS Client security vulnerability — General Motors and Shanghai OnStar (SOS) iOS Client | 8.8 | - | 2018-01-09
CVE-2017-14018 | Ethicon Endo-Surgery Generator G11 authorization issue vulnerability — Ethicon Endo-Surgery Generator G11 | 4.8 | - | 2017-12-05
CVE-2017-12316 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine | 7.5 | - | 2017-11-16
CVE-2017-12337 | Multiple Cisco products authorization issue vulnerability — Cisco Voice Operating System | 9.8 | - | 2017-11-16
CVE-2017-12281 | Cisco Aironet 1800, 2800 and 3800 Series Access Points security vulnerability — Cisco Aironet 1800, 2800, and 3800 Series Access Points | 7.5 | - | 2017-11-02
CVE-2017-9946 | Siemens APOGEE PXC BACnet Automation Controller and Siemens TALON TC BACnet Automation Controller security vulnerability — APOGEE PXC and TALON TC BACnet Automation Controllers, all versions <V3.5 | 7.5 | - | 2017-10-23

Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1203 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.