Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-05-03 | CVE-2011-4022 | Improper Authentication vulnerability in Cisco Intrusion Prevention System 7.0/7.1: The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. | 5.0 |
2012-05-02 | CVE-2012-0333 | Improper Authentication vulnerability in Cisco products: Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. | 5.0 |
2012-04-30 | CVE-2012-2414 | Improper Authentication vulnerability in Asterisk Open Source: main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. | 6.5 |
2012-04-18 | CVE-2012-1799 | Improper Authentication vulnerability in Siemens products: The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 10.0 |
2012-04-13 | CVE-2012-1808 | Improper Authentication vulnerability in Koyo products: The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | 10.0 |
2012-04-13 | CVE-2012-1806 | Improper Authentication vulnerability in Koyo products: The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2012-03-22 | CVE-2012-1840 | Improper Authentication vulnerability in AjaXplorer: AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | 7.5 |
2012-03-22 | CVE-2012-1838 | Improper Authentication vulnerability in LG-Nortel ELO GS24M Switch: The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. | 5.0 |
2012-03-20 | CVE-2012-0400 | Improper Authentication vulnerability in RSA enVision 4.0/4.1: EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.9 |
2012-02-22 | CVE-2012-1256 | Improper Authentication vulnerability in EasyVista: The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | 5.0 |