Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2015-2800 Improper Authentication vulnerability in Huawei products
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
network
low complexity
huawei CWE-287
7.5
2017-06-07 CVE-2017-7314 Improper Authentication vulnerability in Personify Personify360 E-Business
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1.
network
low complexity
personify CWE-287
7.5
2017-06-06 CVE-2014-8180 Improper Authentication vulnerability in Mongodb
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
local
low complexity
mongodb CWE-287
5.5
2017-06-06 CVE-2014-9952 Improper Authentication vulnerability in Google Android
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
local
low complexity
google CWE-287
7.8
2017-05-29 CVE-2017-9148 Improper Authentication vulnerability in Freeradius
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
network
low complexity
freeradius CWE-287
critical
9.8
2017-05-25 CVE-2014-3527 Improper Authentication vulnerability in VMWare Spring Security
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4, a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated.
network
low complexity
vmware CWE-287
critical
9.8
2017-05-25 CVE-2014-0097 Improper Authentication vulnerability in VMWare Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length.
network
low complexity
vmware CWE-287
7.3
2017-05-23 CVE-2015-6817 Improper Authentication vulnerability in Pgbouncer 1.6
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
network
high complexity
pgbouncer CWE-287
8.1
2017-05-22 CVE-2016-4863 Improper Authentication vulnerability in Toshiba Flashair
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model do not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN to obtain files or data.
low complexity
toshiba CWE-287
4.3
2017-05-21 CVE-2017-9100 Improper Authentication vulnerability in Dlink Dir-600M Firmware 3.04
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
low complexity
dlink CWE-287
8.8