Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Vendor / CWE | Risk |
|---|---|---|---|---|---|
| 2019-04-08 | CVE-2019-11018 | Improper Authentication vulnerability in Thinkadmin 4.0 | application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | thinkadmin, CWE-287 | network; low complexity; critical 9.8 |
| 2019-04-08 | CVE-2017-7912 | Improper Authentication vulnerability in Hanwhasecurity Srn-4000 Firmware | Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | hanwhasecurity, CWE-287 | network; low complexity; critical 9.8 |
| 2019-04-05 | CVE-2019-10884 | Improper Authentication vulnerability in Uniqkey Password Manager 1.14 | Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. | uniqkey, CWE-287 | network; low complexity; 8.8 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 | Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | zohocorp, CWE-287 | network; low complexity; 4.3 |
| 2019-04-02 | CVE-2017-6049 | Improper Authentication vulnerability in 3M Detcon Sitewatch Gateway | Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. | 3m, CWE-287 | network; low complexity; 7.5 |
| 2019-04-01 | CVE-2017-8023 | Improper Authentication vulnerability in Dell EMC Networker | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. | dell, CWE-287 | network; low complexity; critical 9.8 |
| 2019-04-01 | CVE-2019-5890 | Improper Authentication vulnerability in Overit Geocall 6.3 | An issue was discovered in OverIT Geocall 6.3 before build 2:346977. | overit, CWE-287 | network; low complexity; 8.8 |
| 2019-03-30 | CVE-2019-10661 | Improper Authentication vulnerability in Grandstream Gxv3611Ir HD Firmware | On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | grandstream, CWE-287 | network; low complexity; critical 9.8 |
| 2019-03-29 | CVE-2019-6481 | Improper Authentication vulnerability in Abine Blur 7.8.2431 | Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. | abine, CWE-287 | network; low complexity; 7.5 |
| 2019-03-29 | CVE-2017-18106 | Improper Authentication vulnerability in Atlassian Crowd | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. | atlassian, CWE-287 | network; high complexity; 7.5 |