Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-04 | CVE-2017-10807 | Improper Authentication vulnerability in Jabberd2: JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | 9.8 |
2017-07-04 | CVE-2017-6722 | Improper Authentication vulnerability in Cisco Unified Contact Center Express 11.5.1Es01/11.5.1Su1/11.5(1): A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. | 6.1 |
2017-07-04 | CVE-2017-6703 | Improper Authentication vulnerability in Cisco Prime Collaboration Provisioning: A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. | 5.9 |
2017-07-03 | CVE-2017-7919 | Improper Authentication vulnerability in Newport Xps-Cx Firmware and Xps-Qx Firmware: An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. | 9.8 |
2017-07-02 | CVE-2017-10796 | Improper Authentication vulnerability in Tp-Link Nc250 Firmware 1.0.10/1.0.8/1.2.1: On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | 6.5 |
2017-06-30 | CVE-2017-10709 | Improper Authentication vulnerability in Google Android 6.0: The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | 6.8 |
2017-06-30 | CVE-2017-6034 | Improper Authentication vulnerability in Schneider-Electric Modbus Firmware: An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. | 9.8 |
2017-06-27 | CVE-2015-1778 | Improper Authentication vulnerability in Opendaylight: The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | 9.8 |
2017-06-21 | CVE-2017-4989 | Improper Authentication vulnerability in EMC Avamar Server: In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. | 9.8 |
2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |