Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2009-02-26 CVE-2008-6307 Improper Authentication vulnerability in E-Topbiz Link Back Checker 1
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin".
network | low complexity | e-topbiz | CWE-287 | risk 7.5
2009-02-26 CVE-2009-0614 Improper Authentication vulnerability in Cisco Unified Meetingplace web Conferencing 7.0(1)
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
network | low complexity | cisco | CWE-287 | risk 9.0 (critical)
2009-02-26 CVE-2008-6300 Improper Authentication vulnerability in GWM Galatolo Webmanager 1.3A
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin.
network | low complexity | gwm | CWE-287 | risk 7.5
2009-02-25 CVE-2008-6269 Improper Authentication vulnerability in Joovili 3.1.4
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
network | low complexity | joovili | CWE-287 | risk 7.5
2009-02-22 CVE-2009-0440 Improper Authentication vulnerability in IBM Websphere Partner Gateway
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
network | low complexity | ibm | CWE-287 | risk 6.5
2009-02-20 CVE-2009-0655 Improper Authentication vulnerability in Lenovo Veriface III
Lenovo Veriface III allows physically proximate attackers to log in to a Windows account by presenting a "plain image" of the authorized user.
local | lenovo | CWE-287 | risk 6.9
2009-02-20 CVE-2009-0653 Improper Authentication vulnerability in Openssl 0.9.6
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
network | low complexity | openssl | CWE-287 | risk 7.5
2009-02-20 CVE-2009-0642 Improper Authentication vulnerability in Ruby-Lang Ruby 1.8/1.9
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
network | ruby-lang | CWE-287 | risk 6.8
2009-02-20 CVE-2008-6162 Improper Authentication vulnerability in BUX Bux.To Clone Script
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
network | low complexity | bux | CWE-287 | risk 7.5
2009-02-16 CVE-2008-6143 Improper Authentication vulnerability in Owentechkenya Owenpoll 1.0
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
network | low complexity | owentechkenya | CWE-287 | risk 7.5