Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-29 | CVE-2019-6481 | Improper Authentication vulnerability in Abine Blur 7.8.2431 Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component. | 7.5 |
| 2019-03-29 | CVE-2017-18106 | Improper Authentication vulnerability in Atlassian Crowd The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash. | 7.5 |
| 2019-03-28 | CVE-2019-1759 | Improper Authentication vulnerability in Cisco IOS XE A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. | 5.3 |
| 2019-03-28 | CVE-2019-1758 | Improper Authentication vulnerability in Cisco IOS A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. | 4.3 |
| 2019-03-27 | CVE-2018-12551 | Improper Authentication vulnerability in Eclipse Mosquitto When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. | 8.1 |
| 2019-03-26 | CVE-2019-3878 | Improper Authentication vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. | 8.1 |
| 2019-03-26 | CVE-2014-5432 | Improper Authentication vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. | 9.8 |
| 2019-03-21 | CVE-2019-6441 | Improper Authentication vulnerability in Coship products An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. | 9.8 |
| 2019-03-21 | CVE-2018-19783 | Improper Authentication vulnerability in Kentix Multisensor-Lan Firmware 5.63.00 Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. | 9.8 |
| 2019-03-21 | CVE-2017-2659 | Improper Authentication vulnerability in Dropbear SSH Project Dropbear SSH It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. | 7.5 |