Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2017-05-29 CVE-2017-9148 Improper Authentication vulnerability in Freeradius
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
network
low complexity
freeradius CWE-287
critical
9.8
2017-05-25 CVE-2014-3527 Improper Authentication vulnerability in VMWare Spring Security
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated.
network
low complexity
vmware CWE-287
critical
9.8
2017-05-25 CVE-2014-0097 Improper Authentication vulnerability in VMWare Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length.
network
low complexity
vmware CWE-287
7.3
2017-05-23 CVE-2015-6817 Improper Authentication vulnerability in Pgbouncer 1.6
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
network
high complexity
pgbouncer CWE-287
8.1
2017-05-22 CVE-2016-4863 Improper Authentication vulnerability in Toshiba Flashair
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
low complexity
toshiba CWE-287
4.3
2017-05-21 CVE-2017-9100 Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
low complexity
dlink CWE-287
8.8
2017-05-19 CVE-2017-7937 Improper Authentication vulnerability in Phoenix Contact Gmbh Mguard Firmware
An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2.
network
high complexity
phoenix-contact-gmbh CWE-287
4.0
2017-05-10 CVE-2017-8879 Improper Authentication vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
low complexity
dolibarr CWE-287
6.8
2017-05-08 CVE-2017-8827 Improper Authentication vulnerability in Genixcms 1.0.2
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
network
low complexity
genixcms CWE-287
critical
9.1
2017-05-06 CVE-2017-7921 Improper Authentication vulnerability in Hikvision products
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices.
network
low complexity
hikvision CWE-287
critical
10.0