Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-23 | CVE-2013-1443 | Improper Authentication vulnerability in Djangoproject Django: The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. | 5.0 |
2013-09-20 | CVE-2013-3473 | Improper Authentication vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution Assurance: The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. | 7.8 |
2013-09-19 | CVE-2013-5497 | Improper Authentication vulnerability in Cisco Intrusion Prevention System: The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | 4.3 |
2013-09-17 | CVE-2013-3613 | Improper Authentication vulnerability in Dahuasecurity products: Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | 7.8 |
2013-09-12 | CVE-2013-3039 | Improper Authentication vulnerability in IBM Rational Requirements Composer: IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | 5.4 |
2013-09-09 | CVE-2013-4061 | Improper Authentication vulnerability in IBM Rational Policy Tester: IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | 4.0 |
2013-08-31 | CVE-2012-6603 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os: The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | 10.0 |
2013-08-29 | CVE-2013-3466 | Improper Authentication vulnerability in Cisco Secure Access Control Server: The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. | 9.3 |
2013-08-28 | CVE-2013-3586 | Improper Authentication vulnerability in Samsung DVR and Smart Viewer: Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | 7.6 |
2013-08-20 | CVE-2013-4958 | Improper Authentication vulnerability in Puppet Enterprise: Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | 6.9 |