Vulnerabilities > Improper Authentication

DATE | CVE | VULNERABILITY TITLE | RISK

2013-09-25 | CVE-2013-5200 | Improper Authentication vulnerability in Open-Xchange Appsuite | 7.5
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
network, low complexity, open-xchange, CWE-287

2013-09-24 | CVE-2012-4078 | Improper Authentication vulnerability in Cisco Unified Computing System | 8.5
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.
network, cisco, CWE-287

2013-09-23 | CVE-2013-5119 | Improper Authentication vulnerability in Synacor Zimbra Collaboration Suite | 6.8
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
network, zimbra, CWE-287

2013-09-23 | CVE-2013-1443 | Improper Authentication vulnerability in Djangoproject Django | 5.0
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.
network, low complexity, djangoproject, CWE-287

2013-09-20 | CVE-2013-3473 | Improper Authentication vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance | 7.8
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
network, low complexity, cisco, CWE-287

2013-09-19 | CVE-2013-5497 | Improper Authentication vulnerability in Cisco Intrusion Prevention System | 4.3
The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
network, cisco, CWE-287

2013-09-17 | CVE-2013-3613 | Improper Authentication vulnerability in Dahuasecurity products | 7.8
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
network, low complexity, dahuasecurity, CWE-287

2013-09-12 | CVE-2013-3039 | Improper Authentication vulnerability in IBM Rational Requirements Composer | 5.4
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.

2013-09-09 | CVE-2013-4061 | Improper Authentication vulnerability in IBM Rational Policy Tester | 4.0
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
network, low complexity, ibm, CWE-287

2013-08-31 | CVE-2012-6603 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os | critical 10.0
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
network, low complexity, paloaltonetworks, CWE-287