Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-07 | CVE-2009-0025 | Improper Authentication vulnerability in ISC Bind: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | 6.8 |
2009-01-07 | CVE-2009-0021 | Improper Authentication vulnerability in NTP: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. | 5.0 |
2009-01-02 | CVE-2008-5809 | Improper Authentication vulnerability in Futomi Access Analyzer CGI: futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id. | 5.8 |
2008-12-31 | CVE-2008-5783 | Improper Authentication vulnerability in V3Chat V3 Chat Live Support 3.0.4: admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 7.5 |
2008-12-26 | CVE-2008-5721 | Improper Authentication vulnerability in Sapporoworks Blackjumbodog: SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | 5.0 |
2008-12-24 | CVE-2008-5708 | Improper Authentication vulnerability in Slimcms 1.0.0: redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | 7.5 |
2008-12-19 | CVE-2008-5692 | Improper Authentication vulnerability in Ipswitch WS FTP: Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. | 5.0 |
2008-12-19 | CVE-2008-5686 | Improper Authentication vulnerability in IBM Tivoli Provisioning Manager: IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows. | 8.5 |
2008-12-17 | CVE-2008-5558 | Improper Authentication vulnerability in Asterisk Business Edition and Open Source: Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching. | 4.3 |
2008-12-17 | CVE-2008-4223 | Improper Authentication vulnerability in Apple Mac OS X Server: Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | 10.0 |