Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-05-20 | CVE-2011-2155 | Improper Authentication vulnerability in Smartertools Smarterstats 6.0 | Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | 7.5 |
2011-05-05 | CVE-2011-1901 | Improper Authentication vulnerability in Proofpoint Messaging Security Gateway and Protection Server | The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. | 7.5 |
2011-04-10 | CVE-2011-1674 | Improper Authentication vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware | The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | 6.8 |
2011-04-05 | CVE-2011-1561 | Improper Authentication vulnerability in IBM AIX 6.1 | The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | 6.8 |
2011-03-29 | CVE-2011-1472 | Improper Authentication vulnerability in Nokia E75 and E75 Firmware | The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | 7.2 |
2011-03-25 | CVE-2011-1520 | Improper Authentication vulnerability in IBM Lotus Domino | The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | 7.2 |
2011-03-25 | CVE-2011-1519 | Improper Authentication vulnerability in IBM Lotus Domino | The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. | 10.0 |
2011-03-20 | CVE-2011-1025 | Improper Authentication vulnerability in Openldap | bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password. | 6.8 |
2011-03-15 | CVE-2011-0438 | Improper Authentication vulnerability in Arthurdejong Nss-Pam-Ldapd 0.8.0 | nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication. | 6.8 |
2011-03-07 | CVE-2011-0279 | Improper Authentication vulnerability in HP Multifunction Peripheral Digital Sending Software 4.91.00 | HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication. | 2.1 |