Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2009-01-07 CVE-2009-0025 Improper Authentication vulnerability in ISC Bind
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
network
isc CWE-287
6.8
2009-01-07 CVE-2009-0021 Improper Authentication vulnerability in NTP
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
network
low complexity
ntp CWE-287
5.0
2009-01-02 CVE-2008-5809 Improper Authentication vulnerability in Futomi Access Analyzer CGI
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.
network
futomi CWE-287
5.8
2008-12-31 CVE-2008-5783 Improper Authentication vulnerability in V3Chat V3 Chat Live Support 3.0.4
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
network
low complexity
v3chat CWE-287
7.5
2008-12-26 CVE-2008-5721 Improper Authentication vulnerability in SapporoWorks BlackJumboDog
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
network
low complexity
sapporoworks CWE-287
5.0
2008-12-24 CVE-2008-5708 Improper Authentication vulnerability in SlimCMS 1.0.0
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
network
low complexity
slimcms CWE-287
7.5
2008-12-19 CVE-2008-5692 Improper Authentication vulnerability in Ipswitch WS_FTP
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
network
low complexity
ipswitch CWE-287
5.0
2008-12-19 CVE-2008-5686 Improper Authentication vulnerability in IBM Tivoli Provisioning Manager
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
network
ibm CWE-287
8.5
2008-12-17 CVE-2008-5558 Improper Authentication vulnerability in Asterisk Business Edition and Open Source
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
network
asterisk CWE-287
4.3
2008-12-17 CVE-2008-4223 Improper Authentication vulnerability in Apple Mac OS X Server
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
network
low complexity
apple CWE-287
critical
10.0