Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2017-6413 | Improper Authentication vulnerability in Openidc MOD Auth Openidc The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 8.6 |
| 2017-03-02 | CVE-2017-6062 | Improper Authentication vulnerability in Openidc MOD Auth Openidc The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | 8.6 |
| 2017-02-27 | CVE-2017-6343 | Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. | 8.1 |
| 2017-02-15 | CVE-2016-1888 | Improper Authentication vulnerability in Freebsd The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | 7.5 |
| 2017-02-13 | CVE-2017-5152 | Improper Authentication vulnerability in Advantech Webaccess 8.1 An issue was discovered in Advantech WebAccess Version 8.1. | 9.1 |
| 2017-02-13 | CVE-2016-9369 | Improper Authentication vulnerability in Moxa products An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. | 9.8 |
| 2017-02-13 | CVE-2016-9362 | Improper Authentication vulnerability in Wago products An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. | 9.1 |
| 2017-02-13 | CVE-2016-9361 | Improper Authentication vulnerability in Moxa products An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. | 9.8 |
| 2017-02-13 | CVE-2016-8362 | Improper Authentication vulnerability in Moxa products An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. | 6.5 |
| 2017-02-13 | CVE-2016-8347 | Improper Authentication vulnerability in Kabona AB Webdatorcentral An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. | 9.8 |