Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2013-06-06 CVE-2013-1205 Improper Authentication vulnerability in Cisco WebEx Meetings Server
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.
network
cisco CWE-287
4.3
2013-06-05 CVE-2013-0985 Improper Authentication vulnerability in Apple Mac OS X
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
local
low complexity
apple CWE-287
2.1
2013-05-29 CVE-2013-2313 Improper Authentication vulnerability in LOCKON EC-CUBE
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
network
high complexity
lockon CWE-287
4.0
2013-05-29 CVE-2013-1211 Improper Authentication vulnerability in Cisco NX-OS
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832.
network
low complexity
cisco CWE-287
5.0
2013-05-29 CVE-2013-1209 Improper Authentication vulnerability in Cisco NX-OS
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.
network
low complexity
cisco CWE-287
5.0
2013-05-27 CVE-2013-2954 Improper Authentication vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite
The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
ibm CWE-287
5.0
2013-05-21 CVE-2013-2059 Improper Authentication vulnerability in OpenStack Keystone 2012.1/2013.1
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
network
openstack CWE-287
6.0
2013-05-16 CVE-2013-1200 Improper Authentication vulnerability in Cisco Secure Access Control System
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
network
cisco CWE-287
6.8
2013-05-16 CVE-2013-1188 Improper Authentication vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
network
low complexity
cisco CWE-287
5.0
2013-05-15 CVE-2013-1337 Improper Authentication vulnerability in Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
network
low complexity
microsoft CWE-287
7.5