CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5966 vulnerabilities reference this CWE, most recent first.
GHSA-GXP5-MV27-VJCJ
Vulnerability from github – Published: 2026-01-13 14:56 – Updated: 2026-01-21 16:23Vulnerability
https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L682-L684
https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L720-L722
AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.
Impact
Severity is considered low for internal uses of this library but if there's any consumer using these methods directly then this is considered critical.
Unlikely to matter due to the design of how AES-256-CBC is used in conjunction with RSA and SHA-256 checksum within Jervis.
Jervis uses RSA to encrypt AES keys and a SHA-256 checksum of the encrypted data in local-only storage inaccessible from the web. After asymmetric decryption and before symmetric decryption, a SHA-256 checksum is performed on the metadata and encrypted data. All encrypted data is discarded if the checksum does not match without attempting to decrypt since the encrypted data is assumed invalid. The data stored is GitHub App authentication tokens which will expire within one hour.
Patches
Jervis patch will migrate from AES/CBC/PKCS5Padding to AES/GCM/NoPadding.
Upgrade to Jervis 2.2.
Workarounds
None
References
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "net.gleske:jervis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68931"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-327"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T14:56:49Z",
"nvd_published_at": "2026-01-13T20:16:07Z",
"severity": "HIGH"
},
"details": "### Vulnerability\n\nhttps://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L682-L684\n\nhttps://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L720-L722\n\n`AES/CBC/PKCS5Padding` lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.\n\n### Impact\n\nSeverity is considered low for internal uses of this library but if there\u0027s any consumer using these methods directly then this is considered critical.\n\nUnlikely to matter due to the design of how AES-256-CBC is used in conjunction with RSA and SHA-256 checksum within Jervis.\n\nJervis uses RSA to encrypt AES keys and a SHA-256 checksum of the encrypted data in local-only storage inaccessible from the web. After asymmetric decryption and before symmetric decryption, a SHA-256 checksum is performed on the metadata and encrypted data. All encrypted data is discarded if the checksum does not match without attempting to decrypt since the encrypted data is assumed invalid. The data stored is GitHub App authentication tokens which will expire within one hour.\n\n### Patches\n\nJervis patch will migrate from `AES/CBC/PKCS5Padding` to `AES/GCM/NoPadding`.\n\nUpgrade to Jervis 2.2.\n\n### Workarounds\n\nNone\n\n### References\n\n- [Padding Oracle Attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack)",
"id": "GHSA-gxp5-mv27-vjcj",
"modified": "2026-01-21T16:23:42Z",
"published": "2026-01-13T14:56:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/samrocketman/jervis/security/advisories/GHSA-gxp5-mv27-vjcj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68931"
},
{
"type": "WEB",
"url": "https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a"
},
{
"type": "PACKAGE",
"url": "https://github.com/samrocketman/jervis"
},
{
"type": "WEB",
"url": "https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L682-L684"
},
{
"type": "WEB",
"url": "https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L720-L722"
},
{
"type": "WEB",
"url": "http://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Jervis\u0027s AES CBC Mode is Without Authentication"
}
GHSA-GXPJ-X43J-Q24C
Vulnerability from github – Published: 2022-05-14 02:02 – Updated: 2022-05-14 02:02A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.
{
"affected": [],
"aliases": [
"CVE-2018-13821"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-30T14:29:00Z",
"severity": "CRITICAL"
},
"details": "A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.",
"id": "GHSA-gxpj-x43j-q24c",
"modified": "2022-05-14T02:02:06Z",
"published": "2022-05-14T02:02:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13821"
},
{
"type": "WEB",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105199"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXPM-C49G-8Q5R
Vulnerability from github – Published: 2022-06-18 00:00 – Updated: 2022-07-01 00:01A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.
{
"affected": [],
"aliases": [
"CVE-2020-36548"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-17T13:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.",
"id": "GHSA-gxpm-c49g-8q5r",
"modified": "2022-07-01T00:01:14Z",
"published": "2022-06-18T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36548"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.129834"
},
{
"type": "WEB",
"url": "https://www.scip.ch/?news.20200701"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXVQ-R3PX-2779
Vulnerability from github – Published: 2022-05-17 01:31 – Updated: 2022-05-17 01:31The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
{
"affected": [],
"aliases": [
"CVE-2013-5497"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-09-19T18:55:00Z",
"severity": "MODERATE"
},
"details": "The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.",
"id": "GHSA-gxvq-r3px-2779",
"modified": "2022-05-17T01:31:22Z",
"published": "2022-05-17T01:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5497"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87280"
},
{
"type": "WEB",
"url": "http://osvdb.org/97525"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5497"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30913"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/62517"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1029057"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GXW4-RXHH-R3FV
Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2025-04-20 03:46An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
{
"affected": [],
"aliases": [
"CVE-2017-13983"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-30T01:29:00Z",
"severity": "CRITICAL"
},
"details": "An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.",
"id": "GHSA-gxw4-rxhh-r3fv",
"modified": "2025-04-20T03:46:05Z",
"published": "2022-05-17T00:35:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13983"
},
{
"type": "WEB",
"url": "https://softwaresupport.hpe.com/km/KM02942065"
},
{
"type": "WEB",
"url": "https://www.auscert.org.au/bulletins/52154"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-722"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GXX4-R6P9-84CG
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:45A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.
{
"affected": [],
"aliases": [
"CVE-2019-1974"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-21T19:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to gain full administrative access to the affected device.",
"id": "GHSA-gxx4-r6p9-84cg",
"modified": "2024-04-04T01:45:08Z",
"published": "2022-05-24T16:54:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1974"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H23X-694W-XF68
Vulnerability from github – Published: 2022-05-14 02:50 – Updated: 2022-05-14 02:50The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
{
"affected": [],
"aliases": [
"CVE-2014-7858"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-25T18:29:00Z",
"severity": "CRITICAL"
},
"details": "The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.",
"id": "GHSA-h23x-694w-xf68",
"modified": "2022-05-14T02:50:59Z",
"published": "2022-05-14T02:50:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7858"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/132075/D-Link-Bypass-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/May/125"
},
{
"type": "WEB",
"url": "http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/535626/100/200/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74886"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H25G-6X79-H5Q2
Vulnerability from github – Published: 2022-07-26 00:00 – Updated: 2022-08-03 00:00An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.
{
"affected": [],
"aliases": [
"CVE-2022-34907"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-25T21:15:00Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.",
"id": "GHSA-h25g-6x79-h5q2",
"modified": "2022-08-03T00:00:55Z",
"published": "2022-07-26T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34907"
},
{
"type": "WEB",
"url": "https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm"
},
{
"type": "WEB",
"url": "https://kb.filewave.com/pages/viewpage.action?pageId=55544244"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H28C-39H5-C348
Vulnerability from github – Published: 2025-05-05 18:32 – Updated: 2025-11-03 21:33BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
{
"affected": [],
"aliases": [
"CVE-2025-0217"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-05T17:18:46Z",
"severity": "HIGH"
},
"details": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.",
"id": "GHSA-h28c-39h5-c348",
"modified": "2025-11-03T21:33:47Z",
"published": "2025-05-05T18:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0217"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-03"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/May/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H2HC-3HMW-FMQ5
Vulnerability from github – Published: 2022-05-02 03:32 – Updated: 2024-02-13 18:38cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
{
"affected": [],
"aliases": [
"CVE-2009-2168"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-06-22T20:30:00Z",
"severity": "HIGH"
},
"details": "cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.",
"id": "GHSA-h2hc-3hmw-fmq5",
"modified": "2024-02-13T18:38:21Z",
"published": "2022-05-02T03:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2168"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/8865"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.