Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-29 | CVE-2017-14698 | Improper Authentication vulnerability in Asus products ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | 9.8 |
| 2018-01-23 | CVE-2017-15531 | Improper Authentication vulnerability in Symantec Reporter 10.1/9.5 Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. | 9.8 |
| 2018-01-23 | CVE-2017-16590 | Improper Authentication vulnerability in Netgain-Systems Enterprise Manager 7.2.699 This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. | 8.8 |
| 2018-01-19 | CVE-2015-6926 | Improper Authentication vulnerability in Oxid-Esales Eshop The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | 7.5 |
| 2018-01-15 | CVE-2018-5328 | Improper Authentication vulnerability in Beims Contractorweb.Net 5.18.0.0 ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | 9.8 |
| 2018-01-12 | CVE-2014-6436 | Improper Authentication vulnerability in Aztech products Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | 9.8 |
| 2018-01-12 | CVE-2014-6435 | Improper Authentication vulnerability in Aztech products cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | 7.5 |
| 2018-01-10 | CVE-2018-0008 | Improper Authentication vulnerability in Juniper Junos An unauthenticated root login may allow upon reboot when a commit script is used. | 6.2 |
| 2018-01-10 | CVE-2017-3765 | Improper Authentication vulnerability in Lenovo Enterprise Network Operating System 8.4.0.0 In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. | 7.0 |
| 2018-01-09 | CVE-2017-12695 | Improper Authentication vulnerability in GM Shanghai Onstar 7.1 An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. | 8.8 |