Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-02-08 | CVE-2018-0116 | Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0 | A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. | network | low complexity | cisco | CWE-287 | 7.2 |
| 2018-02-06 | CVE-2017-6199 | Improper Authentication vulnerability in Sandstorm | A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. | network | low complexity | sandstorm | CWE-287 | critical 9.8 |
| 2018-02-06 | CVE-2018-6569 | Improper Authentication vulnerability in West-Wind web Connection | West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | network | low complexity | west-wind | CWE-287 | 8.8 |
| 2018-02-05 | CVE-2018-5794 | Improper Authentication vulnerability in Extremewireless Wing | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. | network | low complexity | extremewireless | CWE-287 | 5.3 |
| 2018-02-01 | CVE-2017-2297 | Improper Authentication vulnerability in Puppet Enterprise | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. | network | high complexity | puppet | CWE-287 | 7.5 |
| 2018-02-01 | CVE-2011-4068 | Improper Authentication vulnerability in Packetfence | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | network | low complexity | packetfence | CWE-287 | critical 9.8 |
| 2018-01-31 | CVE-2017-16858 | Improper Authentication vulnerability in Atlassian Crowd | The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. | network | high complexity | atlassian | CWE-287 | 6.8 |
| 2018-01-29 | CVE-2017-1000354 | Improper Authentication vulnerability in Jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. | network | low complexity | jenkins | CWE-287 | 8.8 |
| 2018-01-29 | CVE-2017-1783 | Improper Authentication vulnerability in multiple products | IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. | local | low complexity | ibm netapp | CWE-287 | 4.0 |
| 2018-01-29 | CVE-2017-14698 | Improper Authentication vulnerability in Asus products | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | network | low complexity | asus | CWE-287 | critical 9.8 |