Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-02-13 | CVE-2019-14598 | Improper Authentication vulnerability in multiple products | Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | local | low | intel, netapp | CWE-287 | 6.7 |
| 2020-02-13 | CVE-2014-4198 | Improper Authentication vulnerability in Bssys RBS Bs-Client. Retail Client 2.4/2.5 | A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | network | low | bssys | CWE-287 | 9.1 (critical) |
| 2020-02-13 | CVE-2020-8953 | Improper Authentication vulnerability in Openvpn Access Server 2.8.0 | OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | network | low | openvpn | CWE-287 | 9.8 (critical) |
| 2020-02-12 | CVE-2011-4338 | Improper Authentication vulnerability in Shaman Project Shaman 1.0.9 | Shaman 1.0.9: Users can add the line askforpwd=false to their shaman.conf file, without entering the root password in shaman. | local | low | shaman-project | CWE-287 | 7.8 |
| 2020-02-12 | CVE-2020-8595 | Improper Authentication vulnerability in multiple products | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allow authentication bypass. | network | low | istio, redhat | CWE-287 | 7.3 |
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | network | low | microsoft | CWE-287 | 8.8 |
| 2020-02-11 | CVE-2013-2120 | Improper Authentication vulnerability in KDE Paste Applet | The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | local | low | kde | CWE-287 | 8.4 |
| 2020-02-11 | CVE-2013-5582 | Improper Authentication vulnerability in Ammyy Admin 3.2 | Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | local | low | ammyy | CWE-287 | 7.8 |
| 2020-02-11 | CVE-2014-9753 | Improper Authentication vulnerability in Atutor | confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | network | low | atutor | CWE-287 | 9.8 (critical) |
| 2020-02-11 | CVE-2013-1359 | Improper Authentication vulnerability in Sonicwall products | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | network | low | sonicwall | CWE-287 | 9.8 (critical) |