Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-24 | CVE-2018-14705 | Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.5 In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. | 9.8 |
2020-02-24 | CVE-2019-20481 | Improper Authentication vulnerability in Miele XGW 3000 Zigbee Gateway Firmware In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. | 9.8 |
2020-02-24 | CVE-2019-15299 | Improper Authentication vulnerability in Centreon web An issue was discovered in Centreon Web through 19.04.3. | 8.8 |
2020-02-22 | CVE-2020-8862 | Improper Authentication vulnerability in Dlink Dap-2610 Firmware This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. | 8.8 |
2020-02-22 | CVE-2020-8861 | Improper Authentication vulnerability in Dlink Dap-1330 Firmware 1.00.B21/1.10B01 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. | 8.8 |
2020-02-19 | CVE-2020-3944 | Improper Authentication vulnerability in VMWare Vrealize Operations 6.6.0/6.7.0 vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. | 8.6 |
2020-02-19 | CVE-2011-2054 | Improper Authentication vulnerability in Cisco products A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. | 7.5 |
2020-02-18 | CVE-2014-3879 | Improper Authentication vulnerability in Freebsd OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | 9.8 |
2020-02-18 | CVE-2013-4454 | Improper Authentication vulnerability in Getbutterfly Portable-PHPmyadmin 1.4.1 WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities | 9.1 |
2020-02-18 | CVE-2020-1842 | Improper Authentication vulnerability in Huawei products Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. | 6.8 |