Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-08-29 | CVE-2013-3466 | Improper Authentication vulnerability in Cisco Secure Access Control Server: The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. | 9.3 |
2013-08-28 | CVE-2013-3586 | Improper Authentication vulnerability in Samsung DVR and Smart Viewer: Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | 7.6 |
2013-08-20 | CVE-2013-4958 | Improper Authentication vulnerability in Puppet Enterprise: Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | 6.9 |
2013-08-20 | CVE-2013-2157 | Improper Authentication vulnerability in Openstack Keystone: OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | 4.3 |
2013-08-09 | CVE-2013-3659 | Improper Authentication vulnerability in Nttdocomo Overseas Usage 2.0.0/2.0.4: The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. | 3.3 |
2013-08-01 | CVE-2013-2993 | Improper Authentication vulnerability in IBM Websphere Commerce: IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | 5.8 |
2013-07-31 | CVE-2013-2056 | Improper Authentication vulnerability in Redhat Satellite 5.3/5.4/5.5: The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | 5.0 |
2013-07-29 | CVE-2013-2245 | Improper Authentication vulnerability in Moodle: rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | 4.0 |
2013-07-25 | CVE-2013-3431 | Improper Authentication vulnerability in Cisco Video Surveillance Manager: Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. | 7.8 |
2013-07-25 | CVE-2013-3430 | Improper Authentication vulnerability in Cisco Video Surveillance Manager: Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | 9.0 |