Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-28 | CVE-2013-2102 | Improper Authentication vulnerability in Redhat Jboss Enterprise Portal Platform The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. | 3.3 |
| 2013-10-25 | CVE-2013-4965 | Improper Authentication vulnerability in Puppet Enterprise Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack. | 5.0 |
| 2013-10-25 | CVE-2013-5531 | Improper Authentication vulnerability in Cisco Identity Services Engine Software 1.0/1.1 Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. | 5.0 |
| 2013-10-13 | CVE-2013-4824 | Improper Authentication vulnerability in HP products Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644. | 7.5 |
| 2013-10-05 | CVE-2013-3610 | Improper Authentication vulnerability in Asus Rt-N10E and Rt-N10E Firmware qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | 6.1 |
| 2013-10-04 | CVE-2013-5163 | Improper Authentication vulnerability in Apple mac OS X Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | 6.6 |
| 2013-10-03 | CVE-2013-5944 | Improper Authentication vulnerability in Siemens products The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | 10.0 |
| 2013-09-30 | CVE-2013-3417 | Improper Authentication vulnerability in Cisco Video Surveillance Operations Manager The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. | 5.0 |
| 2013-09-25 | CVE-2013-5200 | Improper Authentication vulnerability in Open-Xchange Appsuite The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call. | 7.5 |
| 2013-09-24 | CVE-2012-4078 | Improper Authentication vulnerability in Cisco Unified Computing System The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. | 8.5 |