Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-07-09 | CVE-2014-3312 | Improper Authentication vulnerability in Cisco products The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. | 6.9 |
2014-07-07 | CVE-2014-2614 | Improper Authentication vulnerability in HP Sitescope Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | 7.5 |
2014-07-03 | CVE-2014-4168 | Improper Authentication vulnerability in Kryo Iodine (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | 5.0 |
2014-07-02 | CVE-2014-4668 | Improper Authentication vulnerability in multiple products The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | 6.8 |
2014-06-25 | CVE-2014-2005 | Improper Authentication vulnerability in Sophos Enterprise Console 5.1/5.2/5.2.1 Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | 6.9 |
2014-06-21 | CVE-2014-3053 | Improper Authentication vulnerability in IBM products The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | 8.0 |
2014-06-19 | CVE-2014-2609 | Improper Authentication vulnerability in HP Executive Scorecard 9.40/9.41 The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | 10.0 |
2014-06-14 | CVE-2014-3295 | Improper Authentication vulnerability in Cisco Nx-Os The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. | 4.8 |
2014-06-11 | CVE-2014-3781 | Improper Authentication vulnerability in Dotclear The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | 5.8 |
2014-06-03 | CVE-2014-3945 | Improper Authentication vulnerability in Typo3 The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | 4.0 |