Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-06-03 | CVE-2014-3945 | Improper Authentication vulnerability in Typo3 | The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | 4.0 |
2014-06-03 | CVE-2014-3944 | Improper Authentication vulnerability in Typo3 | The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | 5.8 |
2014-06-03 | CVE-2013-0191 | Improper Authentication vulnerability in Lucas Clemente Vella Libpam-Pgsql 0.7 | libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password. | 5.0 |
2014-06-02 | CVE-2013-6470 | Improper Authentication vulnerability in Redhat Openstack 4.0 | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | 5.0 |
2014-05-30 | CVE-2014-3780 | Improper Authentication vulnerability in Citrix Vdi-In-A-Box | Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | 7.5 |
2014-05-30 | CVE-2013-6788 | Improper Authentication vulnerability in Bitrix E-Store Module | The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack. | 7.5 |
2014-05-29 | CVE-2014-3277 | Improper Authentication vulnerability in Cisco Unified Communications Domain Manager | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | 4.0 |
2014-05-29 | CVE-2013-4178 | Improper Authentication vulnerability in Google Authenticator Login Project GA Login | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP). | 5.0 |
2014-05-29 | CVE-2013-2193 | Improper Authentication vulnerability in Apache Hbase | Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | 4.3 |
2014-05-27 | CVE-2012-6452 | Improper Authentication vulnerability in Axway Email Firewall and Secure Messenger | Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | 5.0 |