Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-12-31 CVE-2018-19937 Improper Authentication vulnerability in Videolan VLC for Mobile
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
low complexity
videolan CWE-287
6.6
2018-12-26 CVE-2018-19616 Improper Authentication vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000.
network
high complexity
rockwellautomation CWE-287
8.1
2018-12-26 CVE-2018-17957 Improper Authentication vulnerability in Suse Repository Mirroring Tool 1.0/1.1.0
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on the process command line, allowing local attackers to access or corrupt the RMT database.
local
low complexity
suse CWE-287
7.8
2018-12-24 CVE-2018-20422 Improper Authentication vulnerability in Comsenz Discuzx X3.4
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
network
high complexity
comsenz CWE-287
8.1
2018-12-21 CVE-2018-20342 Improper Authentication vulnerability in Floureon Sp012
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control.
low complexity
floureon CWE-287
6.8
2018-12-20 CVE-2018-15721 Improper Authentication vulnerability in Logitech Harmony HUB Firmware
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request.
network
low complexity
logitech CWE-287
critical
9.8
2018-12-20 CVE-2018-1000875 Improper Authentication vulnerability in Berkeley Open Infrastructure for Network Computing 1.0.0/1.0.1/1.0.2
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in the Website Terms of Service Acceptance Page that can result in access to any user account.
network
low complexity
berkeley CWE-287
critical
9.8
2018-12-20 CVE-2018-1778 Improper Authentication vulnerability in IBM API Connect
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API. It is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user’s data and privileges (if the user happens to be an Admin, for example).
network
high complexity
ibm CWE-287
8.1
2018-12-18 CVE-2018-17777 Improper Authentication vulnerability in Dlink Dva-5592 Firmware A1Wi20180823
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices.
network
low complexity
dlink CWE-287
critical
9.8
2018-12-12 CVE-2018-13816 Improper Authentication vulnerability in Siemens TIM 1531 IRC Firmware 1.1
A vulnerability has been identified in TIM 1531 IRC (all versions < V2.0).
network
low complexity
siemens CWE-287
critical
10.0