Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2014-04-10 | CVE-2014-0166 | Improper Authentication vulnerability in WordPress | 6.4
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.
network | low complexity | wordpress | CWE-287

2014-04-01 | CVE-2014-0635 | Improper Authentication vulnerability in EMC VPLEX GeoSynchrony | 7.5
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
network | emc | CWE-287

2014-03-31 | CVE-2014-1982 | Improper Authentication vulnerability in Allied Telesis products | critical 10.0
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
network | low complexity | alliedtelesis | CWE-287

2014-03-14 | CVE-2014-2047 | Improper Authentication vulnerability in ownCloud | 6.8
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
network | owncloud | CWE-287

2014-03-14 | CVE-2012-5158 | Improper Authentication vulnerability in multiple products | 4.0
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
network | low complexity | puppet, puppetlabs | CWE-287

2014-03-11 | CVE-2013-6031 | Improper Authentication vulnerability in Huawei E355 and E355 Firmware | 4.3
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.

2014-03-09 | CVE-2013-7322 | Improper Authentication vulnerability in Nongnu OATH Toolkit | 4.9
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.
network | nongnu | CWE-287

2014-03-09 | CVE-2013-4966 | Improper Authentication vulnerability in Puppet Enterprise | 6.4
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.
network | low complexity | puppet | CWE-287

2014-03-06 | CVE-2014-1911 | Improper Authentication vulnerability in Foscam Fi8919W and Fi8919W Firmware | 7.8
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.
network | low complexity | foscam | CWE-287

2014-02-27 | CVE-2014-2075 | Improper Authentication vulnerability in TIBCO products | critical 10.0
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
network | low complexity | tibco | CWE-287