Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-13 | CVE-2017-9314 | Improper Authentication vulnerability in Dahuasecurity products Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. | 8.8 |
| 2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 9.8 |
| 2017-11-10 | CVE-2017-16562 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | 9.8 |
| 2017-11-07 | CVE-2017-2914 | Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. | 8.1 |
| 2017-11-07 | CVE-2017-2864 | Improper Authentication vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. | 9.8 |
| 2017-11-03 | CVE-2017-1000154 | Improper Authentication vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. | 9.8 |
| 2017-11-02 | CVE-2017-12281 | Improper Authentication vulnerability in Cisco products A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. | 7.5 |
| 2017-11-02 | CVE-2017-10873 | Improper Authentication vulnerability in Osstech Openam OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. | 8.1 |
| 2017-10-26 | CVE-2017-1222 | Improper Authentication vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 6.5 |
| 2017-10-26 | CVE-2017-12160 | Improper Authentication vulnerability in Redhat Keycloak It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. | 7.2 |