Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-13 | CVE-2014-4198 | Improper Authentication vulnerability in Bssys RBS Bs-Client. Retail Client 2.4/2.5 A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | 9.1 |
| 2020-02-13 | CVE-2020-8953 | Improper Authentication vulnerability in Openvpn Access Server 2.8.0 OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). | 9.8 |
| 2020-02-12 | CVE-2011-4338 | Improper Authentication vulnerability in Shaman Project Shaman 1.0.9 Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. | 7.8 |
| 2020-02-12 | CVE-2020-8595 | Improper Authentication vulnerability in multiple products Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. | 7.3 |
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |
| 2020-02-11 | CVE-2013-2120 | Improper Authentication vulnerability in KDE Paste Applet The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | 8.4 |
| 2020-02-11 | CVE-2013-5582 | Improper Authentication vulnerability in Ammyy Admin 3.2 Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | 7.8 |
| 2020-02-11 | CVE-2014-9753 | Improper Authentication vulnerability in Atutor confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | 9.8 |
| 2020-02-11 | CVE-2013-1359 | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | 9.8 |
| 2020-02-11 | CVE-2013-1360 | Improper Authentication vulnerability in Sonicwall products An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | 9.8 |