1203 vulnerabilities classified as CWE-287 (Improper Authentication). AI-generated Chinese analysis included.
CWE-287 (Improper Authentication) covers the case where an actor claims a given identity and the product does not prove, or insufficiently proves, that the claim is correct. The weakness shows up in two forms: authentication that can be bypassed outright (a missing check, a check that trusts client-controlled data such as a cookie or header, a hard-coded or default credential, an alternate path that never reaches the login code), and authentication that is present but too weak to resist credential stuffing, brute force or session hijacking. In either form the attacker ends up acting as another user, frequently an administrator, which is why many of the entries listed below carry CVSS scores of 9.0 or higher. Mitigation is to make every authentication decision on the server against state the client cannot forge: verify credentials against salted, slowly hashed password records; issue session identifiers that are unguessable and either stored server-side or integrity-protected with a server-held key; require multi-factor authentication for privileged access; and rate-limit or lock out repeated failures so that guessing does not scale.
The Perl CGI fragment below (the CWE-287 demonstrative example) decides both whether a visitor is logged in and whether they are an administrator from cookies. The `loggedin` cookie is only used to decide whether `AuthenticateUser` runs at all, and the `user` cookie is never tied to a verified login, so the administrator check trusts whatever the client sends:

```perl
use CGI;

my $q = CGI->new;

# The password check only runs when the client does NOT already claim to be logged in.
if ($q->cookie('loggedin') ne "true") {
    if (! AuthenticateUser($q->param('username'), $q->param('password'))) {
        ExitError("Error: you need to log in first");
    }
    else {
        # Set loggedin and user cookies (building the cookie objects here; a real
        # script would also emit them in the response header).
        $q->cookie( -name => 'loggedin', -value => 'true' );
        $q->cookie( -name => 'user',     -value => $q->param('username') );
    }
}

# Authorization decision based purely on a client-supplied cookie value.
if ($q->cookie('user') eq "Administrator") {
    DoAdministratorTasks();
}
```

An attacker skips `AuthenticateUser` entirely by presenting both cookies in the request:

```http
GET /cgi-bin/vulnerable.cgi HTTP/1.1
Cookie: user=Administrator
Cookie: loggedin=true

[body of request]
```

The fix is to derive the identity from server-side session state (or from a cookie the server has integrity-protected with its own key) that is created only after `AuthenticateUser` succeeds, never from a value the client can set directly.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-9625 | Envitech EnviDAS Ultimate Authorization Issue Vulnerability — Envitech Ltd. EnviDAS Ultimate | 8.2 | - | 2017-10-17 |
| CVE-2017-13995 | iniNet Solutions iniNet Webserver Authorization Issue Vulnerability — iniNet Solutions GmbH SCADA Webserver | 10.0 | - | 2017-10-04 |
| CVE-2017-14000 | Ctek SkyRouter Series 4200 and 4400 Authorization Issue Vulnerability — Ctek, Inc. SkyRouter | 9.4 | - | 2017-10-04 |
| CVE-2017-12229 | Cisco IOS XE Authorization Issue Vulnerability — Cisco IOS XE | 9.8 | - | 2017-09-28 |
| CVE-2017-12236 | Cisco IOS XE Authorization Issue Vulnerability — Cisco IOS XE | 9.8 | - | 2017-09-28 |
| CVE-2017-12213 | Cisco Catalyst 4000 Series Switches IOS XE Software Security Vulnerability — Cisco Catalyst 4000 Series Switches | 6.5 | - | 2017-09-07 |
| CVE-2017-12225 | Cisco Prime LAN Management Solution Security Vulnerability — Cisco Prime LAN Management Solution | 9.4 | - | 2017-09-07 |
| CVE-2017-12698 | Advantech WebAccess Authorization Issue Vulnerability — Advantech WebAccess | 9.8 | - | 2017-08-30 |
| CVE-2017-7930 | OSIsoft PI Server 2017 PI Data Archive PI Network Manager Authorization Issue Vulnerability — OSIsoft PI Server 2017 | 7.4 | - | 2017-08-25 |
| CVE-2017-7934 | OSIsoft PI Server 2017 PI Data Archive PI Network Manager Authorization Issue Vulnerability — OSIsoft PI Server 2017 | 5.9 | - | 2017-08-25 |
| CVE-2017-7557 | dnsdist Security Vulnerability — dnsdist | 8.8 | - | 2017-08-22 |
| CVE-2017-7420 | Micro Focus Enterprise Developer and Enterprise Server ESMAC Permission and Access Control Vulnerability — Micro Focus Enterprise Developer, Micro Focus Enterprise Server | 9.1 | - | 2017-08-21 |
| CVE-2017-7546 | PostgreSQL Security Vulnerability — postgresql | 9.8 | - | 2017-08-16 |
| CVE-2017-11151 | Synology Photo Station Security Vulnerability — Synology Photo Station | 9.8 | - | 2017-08-08 |
| CVE-2017-6869 | Siemens ViewPort for Web Office Portal Security Vulnerability — ViewPort for Web Office Portal before revision number 1453 | 9.8 | - | 2017-08-08 |
| CVE-2017-9939 | Siemens SiPass integrated Authorization Issue Vulnerability — SiPass integrated All versions before V2.70 | 9.8 | - | 2017-08-08 |
| CVE-2017-7920 | ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Security Vulnerability — ABB VSN300 WiFi Logger Card | 7.5 | - | 2017-08-07 |
| CVE-2017-9630 | Multiple PDQ Products Security Vulnerability — PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch | 9.8 | - | 2017-08-07 |
| CVE-2017-6747 | Multiple Cisco Products authentication module Authorization Issue Vulnerability — Cisco Identity Services Engine | 9.8 | - | 2017-08-07 |
| CVE-2017-6868 | Siemens SIMATIC CP 44x-1 RNA Authorization Issue Vulnerability — Siemens SIMATIC CP 44x-1 Redundant Network Access Modules | 8.1 | - | 2017-07-07 |
| CVE-2017-6711 | Cisco Ultra Services Framework Authorization Issue Vulnerability — Cisco Ultra Services Framework | 8.2 | - | 2017-07-06 |
| CVE-2017-7919 | Newport XPS-Cx and XPS-Qx Authorization Issue Vulnerability — Newport XPS-Cx, XPS-Qx | 9.8 | - | 2017-07-03 |
| CVE-2017-3167 | Apache httpd Security Vulnerability — Apache HTTP Server | 9.8 | - | 2017-06-20 |
| CVE-2017-7937 | Phoenix Contact GmbH mGuard Authorization Issue Vulnerability — Phoenix Contact GmbH mGuard | 8.9 | - | 2017-05-19 |
| CVE-2017-7921 | Multiple Hikvision Products Security Vulnerability — Hikvision Cameras | 10.0 | - | 2017-05-06 |
| CVE-2017-6617 | Cisco Integrated Management Controller Security Vulnerability — Cisco Integrated Management Controller | 5.4 | - | 2017-04-20 |
| CVE-2017-3791 | Cisco Prime Home Security Vulnerability — Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1 | 9.8 | - | 2017-02-01 |
| CVE-2014-5412 | Schneider Electric SCADA Expert ClearSCADA Improper Authentication — ClearSCADA | 6.5 | - | 2014-09-18 |
| CVE-2014-0760 | Festo CECX-X-(C1/M1) Controller Improper Authentication — CECX-X-C1 Modular Master Controller with CoDeSys | 9.8 | - | 2014-04-25 |
| CVE-2014-0769 | Festo CECX-X-(C1/M1) Controller Improper Authentication — CECX-X-C1 Modular Master Controller with CoDeSys | 7.5 | - | 2014-04-25 |
Vulnerabilities classified as CWE-287 (Improper Authentication) represent 1203 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.
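The cookie-trusting check in the Perl CGI example above, modelled in Python beside a hardened version, as an added example that is not code from the CWE entry or from any product listed on this page. It assumes constructed credentials (`Administrator`/`hunter2`, `alice`/`correct horse`), a `SERVER_SECRET` generated at import time, and a token layout of `hex(user).nonce.hmac`; all three are example choices, not a recommended wire format. `vulnerable_is_admin` reproduces the original logic, where a forged `Cookie: user=Administrator; loggedin=true` is enough; `hardened_is_admin` only accepts a session token that `login` minted after a constant-time password check, so the client cannot assert an identity it never proved.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed example state. A real deployment loads the secret from a key store
# and the password records from its user database; nothing here is persistent.
SERVER_SECRET = secrets.token_bytes(32)
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


USERS = {                                   # constructed credentials
    "Administrator": make_user("hunter2"),
    "alice": make_user("correct horse"),
}


def parse_cookie_header(header: str) -> dict:
    """Parse 'a=1; b=2' into a dict; several Cookie headers are joined with '; '."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = value.strip()
    return cookies


def vulnerable_is_admin(cookie_header: str) -> bool:
    """Same decision as the Perl CGI: 'loggedin' and 'user' both come from the client."""
    cookies = parse_cookie_header(cookie_header)
    if cookies.get("loggedin") != "true":
        return False  # the original script would fall through to a password check here
    return cookies.get("user") == "Administrator"


def authenticate_user(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    return hmac.compare_digest(record["hash"], hash_password(password, record["salt"]))


def sign_session(username: str) -> str:
    """Token = hex(user).nonce.HMAC(server_secret, hex(user).nonce); example layout."""
    user_hex = username.encode().hex()
    nonce = secrets.token_hex(16)
    tag = hmac.new(SERVER_SECRET, f"{user_hex}.{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{user_hex}.{nonce}.{tag}"


def verify_session(token: str) -> Optional[str]:
    """Return the username only if the tag was produced with SERVER_SECRET."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_hex, nonce, tag = parts
    expected = hmac.new(SERVER_SECRET, f"{user_hex}.{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return bytes.fromhex(user_hex).decode()
    except ValueError:  # covers both bad hex and bad UTF-8
        return None


def login(username: str, password: str) -> Optional[str]:
    """The only path that mints a session: identity is bound to a verified password."""
    if not authenticate_user(username, password):
        return None
    return sign_session(username)


def hardened_is_admin(cookie_header: str) -> bool:
    cookies = parse_cookie_header(cookie_header)
    return verify_session(cookies.get("session", "")) == "Administrator"


if __name__ == "__main__":
    forged = "user=Administrator; loggedin=true"          # the request from the example
    print("vulnerable, forged cookies:", vulnerable_is_admin(forged))
    print("hardened,   forged cookies:", hardened_is_admin(forged))
    print("hardened,   real login:    ",
          hardened_is_admin("session=" + login("Administrator", "hunter2")))
```

The HMAC-signed token is the minimal stateless form of the fix; a server-side session store keyed by a random identifier works equally well and additionally allows revocation. Either way the property that matters is the one the Perl code lacks: the administrator decision depends on something only the server could have produced.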