Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-29 | CVE-2016-0755 | Improper Authentication vulnerability in multiple products The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | 7.3 |
| 2016-01-29 | CVE-2015-7521 | Improper Authentication vulnerability in Apache Hive The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | 8.3 |
| 2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | 7.7 |
| 2016-01-15 | CVE-2015-6314 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. | 9.8 |
| 2016-01-09 | CVE-2015-7938 | Improper Authentication vulnerability in Advantech Eki-1321 Series Firmware and Eki-1322 Series Firmware Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | 9.8 |
| 2015-12-21 | CVE-2015-6480 | Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0 The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | 8.3 |
| 2015-12-21 | CVE-2015-1772 | Improper Authentication vulnerability in multiple products The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. | 7.3 |
| 2014-06-25 | CVE-2014-2005 | Improper Authentication vulnerability in Sophos Enterprise Console 5.1/5.2/5.2.1 Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | 6.8 |
| 2014-01-26 | CVE-2013-7137 | Improper Authentication vulnerability in Burden Project Burden The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1. | 9.8 |
| 2013-01-09 | CVE-2013-0625 | Improper Authentication vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | 9.8 |