Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2019-15615 Improper Authentication vulnerability in Nextcloud
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.
low complexity
nextcloud CWE-287
6.1
2020-02-04 CVE-2013-7051 Improper Authentication vulnerability in Dlink Dir-100 Firmware 4.03B07
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
network
low complexity
dlink CWE-287
8.8
2020-02-03 CVE-2020-8591 Improper Authentication vulnerability in Eginnovations EG Manager 7.1.2
eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.
network
low complexity
eginnovations CWE-287
critical
9.8
2020-02-03 CVE-2020-8510 Improper Authentication vulnerability in PHPabook Project PHPabook 0.9
An issue was discovered in phpABook 0.9 Intermediate.
network
low complexity
phpabook-project CWE-287
critical
9.8
2020-01-31 CVE-2016-2032 Improper Authentication vulnerability in Arubanetworks Aruba Instant and Arubaos
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information.
network
low complexity
arubanetworks CWE-287
7.5
2020-01-31 CVE-2013-5116 Improper Authentication vulnerability in Evernote
Evernote prior to 5.5.1 has insecure password change
local
low complexity
evernote CWE-287
7.1
2020-01-31 CVE-2013-5114 Improper Authentication vulnerability in Logmein Lastpass
LastPass prior to 2.5.1 allows secure wipe bypass.
low complexity
logmein CWE-287
6.1
2020-01-31 CVE-2013-5112 Improper Authentication vulnerability in Evernote
Evernote before 5.5.1 has insecure PIN storage
low complexity
evernote CWE-287
4.6
2020-01-30 CVE-2020-5206 Improper Authentication vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
network
low complexity
apereo CWE-287
critical
10.0
2020-01-29 CVE-2013-3317 Improper Authentication vulnerability in Netgear Wnr1000 Firmware
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
network
low complexity
netgear CWE-287
critical
9.8