Improper Authentication vulnerabilities (CWE-287)

Each entry lists the publication date, CVE identifier, vulnerability title, description, access vector, access complexity (where given), vendor, CWE and risk score.

Date: 2010-09-20
CVE: CVE-2010-3471
Title: Improper Authentication vulnerability in IBM FileNet P8 Application Engine 4.0.2
Description: Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors.
Access vector: network
Vendor: ibm
CWE: CWE-287
Risk: 4.3

Date: 2010-09-15
CVE: CVE-2010-2731
Description: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
Access vector: network
CWE: CWE-287
Risk: 6.8

Date: 2010-08-30
CVE: CVE-2010-2940
Title: Improper Authentication vulnerability in Fedoraproject SSSD 1.3.0
Description: The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Access vector: network
Access complexity: high
Vendor: fedoraproject
CWE: CWE-287
Risk: 5.1

Date: 2010-08-25
CVE: CVE-2010-1802
Title: Improper Authentication vulnerability in Apple Libsecurity, Mac OS X and Mac OS X Server
Description: libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.
Access vector: network
Access complexity: low
Vendor: apple
CWE: CWE-287
Risk: 6.4

Date: 2010-08-25
CVE: CVE-2009-4987
Title: Improper Authentication vulnerability in Scripteen Free Image Hosting Script 2.3
Description: admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
Access vector: network
Access complexity: low
Vendor: scripteen
CWE: CWE-287
Risk: 7.5

Date: 2010-08-20
CVE: CVE-2010-2944
Title: Improper Authentication vulnerability in Jens Vagelpohl Zope-Ldapuserfolder 2.91
Description: The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.
Access vector: network
Access complexity: low
Vendor: jens-vagelpohl
CWE: CWE-287
Risk: 7.5

Date: 2010-08-10
CVE: CVE-2010-0834
Title: Improper Authentication vulnerability in Ubuntu Linux 10.04/9.10
Description: The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
Access vector: network
Vendor: ubuntu, dell
CWE: CWE-287
Risk: 9.3 (critical)

Date: 2010-08-05
CVE: CVE-2010-2526
Title: Improper Authentication vulnerability in Heinz Mauelshagen LVM2
Description: The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
Access vector: local
Access complexity: low
Vendor: heinz-mauelshagen, redhat
CWE: CWE-287
Risk: 4.6

Date: 2010-08-02
CVE: CVE-2010-2927
Title: Improper Authentication vulnerability in IBM Tivoli Directory Server
Description: The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts.
Access vector: network
Access complexity: low
Vendor: ibm
CWE: CWE-287
Risk: 5.0

Date: 2010-07-28
CVE: CVE-2010-0833
Title: Improper Authentication vulnerability in Likewise CIFS and Likewise Open
Description: The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, as used in HP StorageWorks X9000 Network Storage Systems and possibly other products, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.
Access vector: network
Vendor: likewise
CWE: CWE-287
Risk: 9.3 (critical)