Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-29 | CVE-2016-10525 | Improper Authentication vulnerability in Dwyl Hapi-Auth-Jwt2 When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. | 9.8 |
| 2018-05-29 | CVE-2014-10067 | Improper Authentication vulnerability in Paypal-Ipn Project Paypal-Ipn paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. | 5.9 |
| 2018-05-25 | CVE-2018-8862 | Improper Authentication vulnerability in Atisystem products In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | 3.1 |
| 2018-05-24 | CVE-2017-9421 | Improper Authentication vulnerability in Accellion Kiteworks Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. | 6.5 |
| 2018-05-23 | CVE-2018-8898 | Improper Authentication vulnerability in Dlink Dsl-3782 Firmware 3.10.0.24 A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel. | 9.8 |
| 2018-05-17 | CVE-2018-0271 | Improper Authentication vulnerability in Cisco Digital Network Architecture Center 1.1/1.1.1 A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. | 9.8 |
| 2018-05-15 | CVE-2017-2604 | Improper Authentication vulnerability in Jenkins In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). | 4.3 |
| 2018-05-11 | CVE-2018-6617 | Improper Authentication vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. | 7.8 |
| 2018-05-10 | CVE-2018-7941 | Improper Authentication vulnerability in Huawei products Huawei iBMC V200R002C60 have an authentication bypass vulnerability. | 8.8 |
| 2018-05-10 | CVE-2018-7940 | Improper Authentication vulnerability in Huawei Mate 9 Firmware and Mate 9 PRO Firmware Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. | 6.2 |