Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-11-17 | CVE-2010-4232 | Improper Authentication vulnerability in multiple products The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | 10.0 |
2010-11-15 | CVE-2010-1838 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | 4.4 |
2010-11-12 | CVE-2010-3896 | Improper Authentication vulnerability in IBM Omnifind The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | 7.5 |
2010-11-09 | CVE-2010-4211 | Improper Authentication vulnerability in Ebay Paypal The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2.9 |
2010-10-19 | CVE-2008-7263 | Improper Authentication vulnerability in G.Rodola Pyftpdlib ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2010-10-19 | CVE-2007-6737 | Improper Authentication vulnerability in G.Rodola Pyftpdlib 0.1 FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2010-10-05 | CVE-2010-3739 | Improper Authentication vulnerability in IBM DB2 Universal Database 9.5 The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 6.4 |
2010-09-29 | CVE-2010-3686 | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3685 | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |
2010-09-29 | CVE-2010-3091 | Improper Authentication vulnerability in multiple products The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 5.0 |