Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-24 | CVE-2018-20422 | Improper Authentication vulnerability in Comsenz Discuzx X3.4 Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | 8.1 |
| 2018-12-21 | CVE-2018-20342 | Improper Authentication vulnerability in Floureon Sp012 The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. | 6.8 |
| 2018-12-20 | CVE-2018-15721 | Improper Authentication vulnerability in Logitech Harmony HUB Firmware The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. | 9.8 |
| 2018-12-20 | CVE-2018-1000875 | Improper Authentication vulnerability in Berkeley Open Infrastructure for Network Computing 1.0.0/1.0.1/1.0.2 Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. | 9.8 |
| 2018-12-20 | CVE-2018-1778 | Improper Authentication vulnerability in IBM API Connect IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). | 8.1 |
| 2018-12-18 | CVE-2018-17777 | Improper Authentication vulnerability in Dlink Dva-5592 Firmware A1Wi20180823 An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. | 9.8 |
| 2018-12-12 | CVE-2018-13816 | Improper Authentication vulnerability in Siemens TIM 1531 IRC Firmware 1.1 A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). | 10.0 |
| 2018-12-07 | CVE-2018-7067 | Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. | 7.2 |
| 2018-12-03 | CVE-2018-14709 | Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation. | 9.8 |
| 2018-12-03 | CVE-2018-14708 | Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | 9.8 |