Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS: ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 8.1 |
2017-08-30 | CVE-2017-12698 | Improper Authentication vulnerability in Advantech Webaccess: An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 9.8 |
2017-08-28 | CVE-2015-8332 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware and Vcm5020 Firmware: Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | 8.8 |
2017-08-28 | CVE-2015-1401 | Improper Authentication vulnerability in Ldap / SSO Authentication Project Ldap / SSO Authentication 2.0.0: Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | 9.8 |
2017-08-25 | CVE-2017-7934 | Improper Authentication vulnerability in Osisoft PI Data Archive: An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 5.9 |
2017-08-25 | CVE-2017-7930 | Improper Authentication vulnerability in Osisoft PI Data Archive: An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 7.4 |
2017-08-25 | CVE-2015-3206 | Improper Authentication vulnerability in Apple Pykerberos: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | 8.1 |
2017-08-25 | CVE-2014-7858 | Improper Authentication vulnerability in D-Link Dnr-326 Firmware: The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | 9.8 |
2017-08-25 | CVE-2014-7857 | Improper Authentication vulnerability in D-Link products: D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 9.8 |
2017-08-24 | CVE-2015-8308 | Improper Authentication vulnerability in Lxdm Project Lxdm: LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | 7.8 |