Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-02-09 | CVE-2018-3601 | Improper Authentication vulnerability in Trendmicro Control Manager 6.0 | A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | network | low | trendmicro | CWE-287 | critical 9.8 |
| 2018-02-09 | CVE-2017-0911 | Improper Authentication vulnerability in Twitter KIT | Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. | network | low | twitter | CWE-287 | 5.4 |
| 2018-02-08 | CVE-2018-6180 | Improper Authentication vulnerability in Themashabrand Online Voting Platform 1.0 | A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | network | low | themashabrand | CWE-287 | critical 9.8 |
| 2018-02-08 | CVE-2018-0116 | Improper Authentication vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0/14.0.0 | A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. | network | low | cisco | CWE-287 | 7.2 |
| 2018-02-06 | CVE-2017-6199 | Improper Authentication vulnerability in Sandstorm | A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. | network | low | sandstorm | CWE-287 | critical 9.8 |
| 2018-02-06 | CVE-2018-6569 | Improper Authentication vulnerability in West-Wind web Connection | West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | network | low | west-wind | CWE-287 | 8.8 |
| 2018-02-05 | CVE-2018-5794 | Improper Authentication vulnerability in Extremewireless Wing | An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. | network | low | extremewireless | CWE-287 | 5.3 |
| 2018-02-01 | CVE-2017-2297 | Improper Authentication vulnerability in Puppet Enterprise | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. | network | high | puppet | CWE-287 | 7.5 |
| 2018-02-01 | CVE-2011-4068 | Improper Authentication vulnerability in Packetfence | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | network | low | packetfence | CWE-287 | critical 9.8 |
| 2018-01-31 | CVE-2017-16858 | Improper Authentication vulnerability in Atlassian Crowd | The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. | network | high | atlassian | CWE-287 | 6.8 |