Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2016-04-22 | CVE-2016-2300 | Improper Authentication vulnerability in Ecava Integraxor | 6.5
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
network | low complexity | ecava | CWE-287

2016-04-15 | CVE-2016-2076 | Improper Authentication vulnerability in VMWare products | 7.6
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
network | low complexity | vmware | CWE-287

2016-04-12 | CVE-2016-0733 | Improper Authentication vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 | critical 9.8
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.
network | low complexity | apache | CWE-287

2016-03-19 | CVE-2016-2245 | Improper Authentication vulnerability in HP Support Assistant 8.1.40.3 | critical 9.8
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
network | low complexity | hp | CWE-287

2016-03-03 | CVE-2016-1329 | Improper Authentication vulnerability in multiple products | critical 9.8
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
network | low complexity | samsung sun zyxel zzinc | CWE-287

2016-02-04 | CVE-2015-8269 | Improper Authentication vulnerability in Fisher-Price Smart TOY Bear | 7.5
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
network | high complexity | fisher-price | CWE-287

2016-01-29 | CVE-2016-0755 | Improper Authentication vulnerability in multiple products | 7.3
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
network | low complexity | haxx canonical debian | CWE-287

2016-01-29 | CVE-2015-7521 | Improper Authentication vulnerability in Apache Hive | 8.3
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
network | low complexity | apache | CWE-287

2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products | 7.7
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
network | low complexity | ntp siemens netapp debian | CWE-287

2016-01-15 | CVE-2015-6314 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software | critical 9.8
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.
network | low complexity | cisco | CWE-287