Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-30 | CVE-2016-2944 | Improper Authentication vulnerability in IBM Bigfix Remote Control 9.1.2 IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 9.8 |
| 2016-11-03 | CVE-2016-6452 | Improper Authentication vulnerability in Cisco Prime Home 5.0Base/5.1Base/5.2.0 A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. | 9.8 |
| 2016-10-28 | CVE-2016-6397 | Improper Authentication vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. | 9.8 |
| 2016-10-06 | CVE-2016-6434 | Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.0.1 Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | 7.8 |
| 2016-10-05 | CVE-2016-5686 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | 9.8 |
| 2016-10-05 | CVE-2016-5086 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | 9.8 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |
| 2016-09-28 | CVE-2016-7191 | Improper Authentication vulnerability in Microsoft Azure Active Directory Passport The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. | 8.1 |
| 2016-09-21 | CVE-2016-6159 | Improper Authentication vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01 The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. | 7.5 |
| 2016-09-21 | CVE-2016-4966 | Improper Authentication vulnerability in Fortinet Fortiwan The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | 6.5 |