Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1778 Improper Authentication vulnerability in IBM API Connect
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API. It is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user's data and privileges (for example, if the user happens to be an Admin).
network
high complexity
ibm CWE-287
8.1
2018-12-18 CVE-2018-17777 Improper Authentication vulnerability in Dlink Dva-5592 Firmware A1Wi20180823
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices.
network
low complexity
dlink CWE-287
critical
9.8
2018-12-12 CVE-2018-13816 Improper Authentication vulnerability in Siemens TIM 1531 IRC Firmware 1.1
A vulnerability has been identified in TIM 1531 IRC (all versions < V2.0).
network
low complexity
siemens CWE-287
critical
10.0
2018-12-07 CVE-2018-7067 Improper Authentication vulnerability in Arubanetworks Clearpass Policy Manager
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise.
network
low complexity
arubanetworks CWE-287
7.2
2018-12-03 CVE-2018-14709 Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation.
network
low complexity
drobo CWE-287
critical
9.8
2018-12-03 CVE-2018-14708 Improper Authentication vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic.
network
low complexity
drobo CWE-287
critical
9.8
2018-11-30 CVE-2018-14637 Improper Authentication vulnerability in Redhat Keycloak
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions.
network
high complexity
redhat CWE-287
8.1
2018-11-27 CVE-2018-7958 Improper Authentication vulnerability in Huawei Espace 7950 Firmware V200R003C30
The Huawei eSpace product has a vulnerability in which anonymous TLS cipher suites are supported.
network
high complexity
huawei CWE-287
7.4
2018-11-22 CVE-2018-19458 Improper Authentication vulnerability in PHP-Proxy 3.0.3
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
network
low complexity
php-proxy CWE-287
7.5
2018-11-15 CVE-2018-16160 Improper Authentication vulnerability in Ftsafe Securecore 2.0
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC.
local
low complexity
ftsafe CWE-287
7.8