Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2014-10-22 CVE-2014-8763 Improper Authentication vulnerability in multiple products
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
network
low complexity
dokuwiki mageia-project CWE-287
5.0
2014-10-22 CVE-2014-8088 Improper Authentication vulnerability in Zend Framework
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
network
low complexity
zend CWE-287
5.0
2014-10-22 CVE-2014-6387 Improper Authentication vulnerability in Mantisbt
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
network
low complexity
mantisbt CWE-287
5.0
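The three entries above share one mechanism: the application hands the user-supplied password to an LDAP simple bind, the client library passes it on as a NUL-terminated C string, so everything from the first \0 onward is dropped, and the server sees a non-empty DN with an empty password, which RFC 4513 defines as an unauthenticated bind and which many directories (Active Directory by default) answer with success. The following is an added example, not code from DokuWiki, Zend Framework or MantisBT: the directory, the DN template and the bind functions are constructed stand-ins so it runs offline, with the C-string truncation and the server's unauthenticated-bind behaviour modelled in Python. It shows the vulnerable call pattern beside the pre-bind check that closes it.

```python
"""Null-byte password bypass against LDAP simple bind, and the check that closes it.

Added example; nothing here is code from the projects named above.  The directory,
the DN template and both bind functions are constructed models so the script runs
offline.  `_c_string_bind` models a client library that passes the password as a
C string (stops at the first NUL); `_server_simple_bind` models a directory that
grants unauthenticated binds (RFC 4513 section 5.1.2), as Active Directory does.
"""

# Constructed directory: DN -> password.  Fictional users for the demo only.
DIRECTORY = {
    "cn=alice,ou=people,dc=example,dc=org": "correct horse battery",
    "cn=bob,ou=people,dc=example,dc=org": "hunter2",
}


def _server_simple_bind(dn: str, password: str) -> bool:
    """Model of the server side of a simple bind.

    A known DN with an empty password is an *unauthenticated* bind: the server
    returns success without checking any credential.  (This model requires the
    name to exist, matching the "valid user name" wording of CVE-2014-8763.)
    """
    if dn in DIRECTORY and password == "":
        return True
    return DIRECTORY.get(dn) == password


def _c_string_bind(dn: str, password: str) -> bool:
    """Model of a client library that marshals the password as a NUL-terminated
    C string: "\\0garbage" reaches the server as ""."""
    truncated = password.split("\x00", 1)[0]
    return _server_simple_bind(dn, truncated)


def user_dn(username: str) -> str:
    # Constructed DN template; a real deployment builds this from configuration.
    return f"cn={username},ou=people,dc=example,dc=org"


def authenticate_vulnerable(username: str, password: str) -> bool:
    """The pattern behind the three CVEs: the raw password goes straight to bind."""
    return _c_string_bind(user_dn(username), password)


def authenticate_hardened(username: str, password: str) -> bool:
    """Refuse anything that would turn a simple bind into an unauthenticated one.

    - empty password: the protocol defines this as an unauthenticated bind;
    - NUL in either value: a C-string API truncates it to the empty case above
      (the DN travels the same path, so it gets the same check).
    """
    if not username or password == "":
        return False
    if "\x00" in username or "\x00" in password:
        return False
    return _c_string_bind(user_dn(username), password)


if __name__ == "__main__":
    for name, pw in [("alice", "\x00anything"), ("alice", "correct horse battery"), ("alice", "wrong")]:
        print(f"{name!r} / {pw!r}: vulnerable={authenticate_vulnerable(name, pw)} "
              f"hardened={authenticate_hardened(name, pw)}")
```

The check belongs in the application, before the bind, because the truncation happens below it in the client library and the "success" result from an unauthenticated bind is indistinguishable from a real one. The same applies to any flow that binds with a DN derived from user input, including the service-account search-then-bind pattern.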
2014-10-20 CVE-2014-8329 Improper Authentication vulnerability in Schrack products
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
network
low complexity
schrack CWE-287
critical
10.0
2014-10-19 CVE-2014-6116 Improper Authentication vulnerability in IBM Websphere MQ 8.0.0.1
The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.
network
ibm CWE-287
4.3
2014-10-18 CVE-2014-4444 Improper Authentication vulnerability in Apple mac OS X
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
local
apple CWE-287
4.4
2014-10-18 CVE-2014-4435 Improper Authentication vulnerability in Apple mac OS X
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.
local
apple CWE-287
4.4
2014-10-18 CVE-2014-4425 Improper Authentication vulnerability in Apple mac OS X
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.
local
low complexity
apple CWE-287
4.6
2014-10-17 CVE-2014-2066 Improper Authentication vulnerability in Jenkins
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
network
jenkins CWE-287
6.8
2014-10-17 CVE-2014-2062 Improper Authentication vulnerability in Jenkins
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
network
low complexity
jenkins CWE-287
6.5
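The two Jenkins entries describe two lifecycle mistakes in the same authentication layer: a session identifier that survives the transition from anonymous to authenticated (so an attacker who planted the identifier in the victim's browser owns the session after the victim logs in), and an API token that outlives the account it was issued to. The following is an added example, not Jenkins code and not its session or token implementation: an in-memory service with constructed users that shows both behaviours side by side with the corrections, namely rotating the session id at login and purging tokens when the user is deleted (with a lookup-time check as a second line of defence).

```python
"""Session fixation and orphaned API tokens, vulnerable beside hardened.

Added example, not code from Jenkins.  Users, sessions and tokens are constructed
in-memory stores; the two boolean switches select the vulnerable or the corrected
behaviour so the scenario functions below can exercise both.
"""
import hashlib
import secrets


def _digest(value: str) -> str:
    # Stand-in for a real password/token hash (use a slow KDF for passwords in practice).
    return hashlib.sha256(value.encode()).hexdigest()


class AuthService:
    def __init__(self, rotate_session_on_login: bool, revoke_tokens_on_delete: bool):
        self.rotate = rotate_session_on_login
        self.revoke = revoke_tokens_on_delete
        self.users = {}       # username -> password digest
        self.sessions = {}    # session id -> username, or None while anonymous
        self.api_tokens = {}  # token digest -> username

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = _digest(password)

    def new_session(self) -> str:
        """Anonymous session, as issued to any visitor before login."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid: str, name: str, password: str):
        """Returns the session id the client must use from now on, or None."""
        if sid not in self.sessions:
            sid = self.new_session()
        if self.users.get(name) != _digest(password):
            return None
        if self.rotate:
            del self.sessions[sid]          # pre-auth id (possibly attacker-chosen) dies here
            sid = secrets.token_urlsafe(32)  # fresh id bound to the authenticated user
        self.sessions[sid] = name
        return sid

    def whoami(self, sid: str):
        return self.sessions.get(sid)

    def issue_api_token(self, name: str) -> str:
        token = secrets.token_urlsafe(32)
        self.api_tokens[_digest(token)] = name
        return token

    def user_for_token(self, token: str):
        name = self.api_tokens.get(_digest(token))
        if self.revoke and name is not None and name not in self.users:
            return None  # belt and braces: never resolve a token to a deleted account
        return name

    def delete_user(self, name: str) -> None:
        self.users.pop(name, None)
        self.sessions = {s: u for s, u in self.sessions.items() if u != name}
        if self.revoke:
            self.api_tokens = {t: u for t, u in self.api_tokens.items() if u != name}


def session_fixation_scenario(rotate: bool) -> bool:
    """True if an attacker who planted a session id ends up holding alice's session."""
    svc = AuthService(rotate_session_on_login=rotate, revoke_tokens_on_delete=True)
    svc.add_user("alice", "constructed-password")
    planted = svc.new_session()                       # attacker obtains an anonymous id
    svc.login(planted, "alice", "constructed-password")  # victim logs in with that id in place
    return svc.whoami(planted) == "alice"             # attacker replays the id he chose


def orphaned_token_scenario(revoke: bool) -> bool:
    """True if an API token still authenticates after its owner was deleted."""
    svc = AuthService(rotate_session_on_login=True, revoke_tokens_on_delete=revoke)
    svc.add_user("bob", "constructed-password")
    token = svc.issue_api_token("bob")
    svc.delete_user("bob")
    return svc.user_for_token(token) == "bob"


if __name__ == "__main__":
    print("fixation works without rotation:", session_fixation_scenario(False))
    print("fixation works with rotation:   ", session_fixation_scenario(True))
    print("token survives deletion (no revoke):", orphaned_token_scenario(False))
    print("token survives deletion (revoke):   ", orphaned_token_scenario(True))
```

Rotation at the privilege boundary is the general rule: any time a session goes from anonymous to authenticated (or gains a role), issue a new identifier and discard the old one, regardless of how the old one reached the browser. For tokens, revocation on account deletion is the primary fix; the check in user_for_token only covers the window between a store that was not cleaned up and the next audit.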