Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-06-19 | CVE-2019-2018 | Improper Authentication vulnerability in Google Android 8.1/9.0 | In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. | network | low | google | CWE-287 | 8.8 |
| 2019-06-19 | CVE-2019-11232 | Improper Authentication vulnerability in EIC Biyan 1.57/2.8 | EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. | network | low | eic | CWE-287 | critical 9.8 |
| 2019-06-18 | CVE-2018-18877 | Improper Authentication vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 | In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | network | low | columbiaweather | CWE-287 | 8.8 |
| 2019-06-18 | CVE-2019-10998 | Improper Authentication vulnerability in Phoenixcontact products | An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. | | low | phoenixcontact | CWE-287 | 6.8 |
| 2019-06-17 | CVE-2017-9389 | Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | network | low | getvera | CWE-287 | 8.8 |
| 2019-06-17 | CVE-2017-9383 | Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware | An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | network | low | getvera | CWE-287 | critical 9.9 |
| 2019-06-17 | CVE-2019-7579 | Improper Authentication vulnerability in Linksys Wrt1900Acs Firmware 1.0.3.187766 | An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. | network | low | linksys | CWE-287 | 7.5 |
| 2019-06-12 | CVE-2019-10157 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On | It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. | local | low | redhat | CWE-287 | 5.5 |
| 2019-06-07 | CVE-2018-19999 | Improper Authentication vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25 | The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. | local | low | solarwinds | CWE-287 | 7.8 |
| 2019-06-05 | CVE-2019-1842 | Improper Authentication vulnerability in Cisco IOS XR Firmware | A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. | network | low | cisco | CWE-287 | 5.4 |