Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-22 | CVE-2011-5100 | Improper Authentication vulnerability in McAfee Firewall Reporter 5.1.0.6: The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | 7.5 |
2012-08-22 | CVE-2009-5116 | Improper Authentication vulnerability in McAfee LinuxShield 1.5/1.5.1: McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | 6.5 |
2012-08-20 | CVE-2012-2132 | Improper Authentication vulnerability in GNOME libsoup 2.32.2: libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection. | 5.0 |
2012-08-12 | CVE-2012-3473 | Improper Authentication vulnerability in Ushahidi Platform: The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. | 6.4 |
2012-08-12 | CVE-2012-3472 | Improper Authentication vulnerability in Ushahidi Platform: The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. | 6.4 |
2012-08-12 | CVE-2012-2963 | Improper Authentication vulnerability in Breakingpointsystems products: The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file. | 5.0 |
2012-08-08 | CVE-2012-3424 | Improper Authentication vulnerability in Rubyonrails Rails and Ruby on Rails: The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | 5.0 |
2012-08-06 | CVE-2012-2498 | Improper Authentication vulnerability in Cisco AnyConnect Secure Mobility Client: Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | 4.0 |
2012-08-06 | CVE-2012-3408 | Improper Authentication vulnerability in multiple products: lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. | 2.6 |
2012-07-31 | CVE-2012-2626 | Improper Authentication vulnerability in SonicWALL Scrutinizer 8.6.2/9.0.0/9.0.1: cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | 5.0 |