CWE-287

File-sharing PHP product does not check if user is logged in during requests for PHP library files under an includes/ directory, allowing configuration changes, code execution, and other impacts.

Chat application skips validation when Central Authentication Service (CAS) is enabled, effectively removing the second factor from two-factor authentication

Python-based authentication proxy does not enforce password authentication during the initial handshake, allowing the client to bypass authentication by specifying a 'None' authentication type.

Chain: Web UI for a Python RPC framework does not use regex anchors to validate user login emails (CWE-777), potentially allowing bypass of OAuth (CWE-1390).

TCP-based protocol in Programmable Logic Controller (PLC) has no authentication.

Condition Monitor uses a protocol that does not require authentication.

Safety Instrumented System uses proprietary TCP protocols with no authentication.

Distributed Control System (DCS) uses a protocol that has no authentication.

SCADA system only uses client-side authentication, allowing adversaries to impersonate other users.

Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)