Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2018-02-14 CVE-2018-7034 Improper Authentication vulnerability in Trendnet products
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
network
low complexity
trendnet CWE-287
7.5
2018-02-13 CVE-2018-5459 Improper Authentication vulnerability in Wago Pfc200 Firmware
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X.
network
low complexity
wago CWE-287
critical
9.8
2018-02-12 CVE-2017-18179 Improper Authentication vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination.
network
low complexity
progress CWE-287
8.8
2018-02-09 CVE-2018-3601 Improper Authentication vulnerability in Trendmicro Control Manager 6.0
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
network
low complexity
trendmicro CWE-287
critical
9.8
2018-02-09 CVE-2017-0911 Improper Authentication vulnerability in Twitter KIT
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials.
network
low complexity
twitter CWE-287
5.4
2018-02-08 CVE-2018-6180 Improper Authentication vulnerability in Themashabrand Online Voting Platform 1.0
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
network
low complexity
themashabrand CWE-287
critical
9.8
2018-02-08 CVE-2018-0116 Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username.
network
low complexity
cisco CWE-287
7.2
2018-02-06 CVE-2017-6199 Improper Authentication vulnerability in Sandstorm
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
network
low complexity
sandstorm CWE-287
critical
9.8
2018-02-06 CVE-2018-6569 Improper Authentication vulnerability in West-Wind web Connection
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.
network
low complexity
west-wind CWE-287
8.8
2018-02-05 CVE-2018-5794 Improper Authentication vulnerability in Extremewireless Wing
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3.
network
low complexity
extremewireless CWE-287
5.3