Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2011-02-25 CVE-2011-0718 Improper Authentication vulnerability in Redhat Network Satellite Server 5.4
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.
network | redhat | CWE-287 | 5.8

2011-02-25 CVE-2011-0392 Improper Authentication vulnerability in Cisco products
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.
network | low complexity | cisco | CWE-287 | 7.5

2011-02-25 CVE-2011-0384 Improper Authentication vulnerability in Cisco products
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
network | low complexity | cisco | CWE-287 | critical | 10.0

2011-02-25 CVE-2011-0383 Improper Authentication vulnerability in Cisco products
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
network | low complexity | cisco | CWE-287 | critical | 10.0

2011-02-25 CVE-2011-0380 Improper Authentication vulnerability in Cisco Telepresence Manager
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.
network | low complexity | cisco | CWE-287 | 7.5

2011-02-18 CVE-2011-0453 Improper Authentication vulnerability in F-Secure Internet Gatekeeper 3.02.1221
F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port.
network | low complexity | f-secure | CWE-287 | 5.0

2011-02-10 CVE-2011-0091 Improper Authentication vulnerability in Microsoft Windows 7 and Windows Server 2008
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
network | low complexity | microsoft | CWE-287 | 6.4

2011-02-09 CVE-2011-0039 Improper Authentication vulnerability in Microsoft Windows 2003 Server and Windows XP
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
local | low complexity | microsoft | CWE-287 | 7.2

2011-02-08 CVE-2011-0920 Improper Authentication vulnerability in IBM Lotus Domino
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
network | ibm | CWE-287 | critical | 9.3

2011-01-31 CVE-2011-0688 Improper Authentication vulnerability in Symantec products
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111.
network | symantec | CWE-287 | critical | 9.3