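CWE-1390 Vulnerability List (66)

Summary of 66 CVEs in the CWE-1390 weakness class, with AI analysis in Chinese.

CWE-1390 is a weak authentication weakness: the authentication mechanism used by the product cannot sufficiently verify that a user's identity is genuine. Attackers typically exploit this flaw to bypass authentication at lower cost or in less time, and so gain unauthorized access to the system. Developers should avoid default credentials, simple passwords, and easily broken algorithms, and instead implement multi-factor authentication, strong password policies, and regular key rotation, so that the authentication process is sufficiently resistant to attack.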

MITRE CWE Official Description
CWE: CWE-1390 Weak Authentication. The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. Attackers may be able to bypass weak authentication faster and/or with less effort than expected.
Common Consequences (1)
Integrity, Confidentiality, Availability, Access Control
Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
Code Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44237 | FreePBX security vulnerability — security-reporting | - | - | 2026-05-29 |
| CVE-2026-49323 | Indian Motorcycle Scout Bobber + Tech security vulnerability — Scout Bobber + Tech | 4.3 | Medium | 2026-05-29 |
| CVE-2026-49322 | Indian Motorcycle Scout Bobber + Tech security vulnerability — Scout Bobber + Tech | 4.3 | Medium | 2026-05-29 |
| CVE-2026-40417 | Microsoft Dynamics 365 security vulnerability — Microsoft Dynamics 365 Business Central 2024 Release Wave 2 | 7.8 | High | 2026-05-12 |
| CVE-2026-0204 | SonicWALL SonicOS access control error vulnerability — SonicOS | 9.1 (AI) | Critical (AI) | 2026-04-29 |
| CVE-2026-6886 | BorG SPM security vulnerability — Borg SPM 2007 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-4924 | Devolutions Server security vulnerability — Server | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-4828 | Devolutions Server security vulnerability — Server | 8.1 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-32497 | WordPress plugin User Verification security vulnerability — User Verification | 5.3 | Medium | 2026-03-25 |
| CVE-2025-62844 | QNAP Systems QHora security vulnerability — QuRouter | 5.5 | - | 2026-03-20 |
| CVE-2026-28710 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 17 | 9.1 | - | 2026-03-05 |
| CVE-2025-15595 | Inno Setup security vulnerability — Inno Setup | 7.8 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-1693 | PcVue security vulnerability — PcVue | 9.1 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2025-30412 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 16 | 9.1 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-30411 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 16 | 9.1 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-57713 | QNAP Systems File Station 5 security vulnerability — File Station 5 | 7.5 (AI) | High (AI) | 2026-02-11 |
| CVE-2025-40554 | SolarWinds Web Help Desk security vulnerability — Web Help Desk | 9.8 | Critical | 2026-01-28 |
| CVE-2025-40552 | SolarWinds Web Help Desk security vulnerability — Web Help Desk | 9.8 | Critical | 2026-01-28 |
| CVE-2023-53894 | PHP Filesystem Management Tool security vulnerability — phpfm | 9.8 | Critical | 2025-12-16 |
| CVE-2025-12871 | aEnrich a+HRD security vulnerability — a+HRD | 9.8 | Critical | 2025-11-12 |
| CVE-2025-12870 | aEnrich a+HRD security vulnerability — a+HRD | 9.8 | Critical | 2025-11-12 |
| CVE-2025-11084 | Rockwell Automation DataMosaix Private Cloud security vulnerability — FactoryTalk® DataMosaix™ Private Cloud | 7.4 | - | 2025-11-11 |
| CVE-2025-59249 | Microsoft Exchange Server security vulnerability — Microsoft Exchange Server 2016 Cumulative Update 23 | 8.8 | High | 2025-10-14 |
| CVE-2025-49201 | Fortinet FortiSwitchManager and Fortinet FortiPAM security vulnerability — FortiPAM | 7.4 | High | 2025-10-14 |
| CVE-2025-50173 | Microsoft Windows Installer security vulnerability — Multimedia Redirection Installer | 7.8 | High | 2025-08-12 |
| CVE-2025-47995 | Microsoft Azure Machine Learning security vulnerability — Azure Machine Learning | 6.5 | Medium | 2025-07-18 |
| CVE-2025-1727 | AAR End-of-Train and Head-of-Train remote linking protocol security vulnerability — End-of-Train and Head-of-Train remote linking protocol | 8.1 | High | 2025-07-10 |
| CVE-2025-7326 | Microsoft ASP.NET Core security vulnerability — ASP.NET Core 6.0 | 7.0 | High | 2025-07-08 |
| CVE-2025-47479 | WordPress plugin WP Compress security vulnerability — WP Compress | 5.3 | Medium | 2025-07-04 |
| CVE-2025-5484 | SinoTrack IOT PC Platform security vulnerability — IOT PC Platform | 8.3 | High | 2025-06-12 |

CWE-1390 is a common weakness category; this platform lists 66 CVEs associated with it.