Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-05-29 CVE-2016-10525 Improper Authentication vulnerability in Dwyl Hapi-Auth-Jwt2
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
network
low complexity
dwyl CWE-287
critical
9.8
2018-05-29 CVE-2014-10067 Improper Authentication vulnerability in Paypal-Ipn Project Paypal-Ipn
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox.
network
high complexity
paypal-ipn-project CWE-287
5.9
2018-05-25 CVE-2018-8862 Improper Authentication vulnerability in Atisystem products
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
high complexity
atisystem CWE-287
3.1
2018-05-24 CVE-2017-9421 Improper Authentication vulnerability in Accellion Kiteworks
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
network
low complexity
accellion CWE-287
6.5
2018-05-23 CVE-2018-8898 Improper Authentication vulnerability in Dlink Dsl-3782 Firmware 3.10.0.24
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.
network
low complexity
dlink CWE-287
critical
9.8
2018-05-17 CVE-2018-0271 Improper Authentication vulnerability in Cisco Digital Network Architecture Center 1.1/1.1.1
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services.
network
low complexity
cisco CWE-287
critical
9.8
2018-05-15 CVE-2017-2604 Improper Authentication vulnerability in Jenkins
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
network
low complexity
jenkins CWE-287
4.3
2018-05-11 CVE-2018-6617 Improper Authentication vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
local
low complexity
ehcp CWE-287
7.8
2018-05-10 CVE-2018-7941 Improper Authentication vulnerability in Huawei products
Huawei iBMC V200R002C60 have an authentication bypass vulnerability.
network
low complexity
huawei CWE-287
8.8
2018-05-10 CVE-2018-7940 Improper Authentication vulnerability in Huawei Mate 9 Firmware and Mate 9 PRO Firmware
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability.
low complexity
huawei CWE-287
6.2