Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-03 | CVE-2018-19249 | Improper Authentication vulnerability in Stripe API 1.0 The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction. | 7.5 |
| 2019-01-03 | CVE-2018-19505 | Improper Authentication vulnerability in BMC Remedy Action Request System Server 7.1 Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | 6.5 |
| 2018-12-31 | CVE-2018-19937 | Improper Authentication vulnerability in Videolan VLC for Mobile A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | 6.6 |
| 2018-12-26 | CVE-2018-19616 | Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. | 8.1 |
| 2018-12-26 | CVE-2018-17957 | Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0 The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | 7.8 |
| 2018-12-24 | CVE-2018-20422 | Improper Authentication vulnerability in Comsenz Discuzx X3.4 Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | 8.1 |
| 2018-12-21 | CVE-2018-20342 | Improper Authentication vulnerability in Floureon Sp012 The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. | 6.8 |
| 2018-12-20 | CVE-2018-15721 | Improper Authentication vulnerability in Logitech Harmony HUB Firmware The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. | 9.8 |
| 2018-12-20 | CVE-2018-1000875 | Improper Authentication vulnerability in Berkeley Open Infrastructure for Network Computing 1.0.0/1.0.1/1.0.2 Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. | 9.8 |
| 2018-12-20 | CVE-2018-1778 | Improper Authentication vulnerability in IBM API Connect IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). | 8.1 |