CWE-287— Improper Authentication

Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos…

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a su…

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin…

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application…

Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerability."

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to …

Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative a…

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked…

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-…

Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter valu…

S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expira…

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecifie…

Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie.

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP requ…

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attribut…

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to …

includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at a…

AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access setting the log_accept cookie to "correcto."

Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords…

Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.

Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.

Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (sess…

Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassw…

user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's i…

modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-mid…

Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and…

Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web …

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by m…

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script b…