Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1434 | Improper Authentication vulnerability in Pete Werner Login Ldap 3.1/3.2 login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | 6.8 |
| 2003-12-31 | CVE-2003-1433 | Improper Authentication vulnerability in Epic Games Unreal Engine 226F/433/436 Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | 4.3 |
| 2003-12-31 | CVE-2003-1343 | Improper Authentication vulnerability in Trend Micro Scanmail Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | 7.5 |
| 2002-12-31 | CVE-2002-2417 | Improper Authentication vulnerability in Acftp 1.4 acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | 10.0 |
| 2002-12-31 | CVE-2002-2397 | Improper Authentication vulnerability in Symantec Sygate Personal Firewall 5.0 Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | 10.0 |
| 2002-12-31 | CVE-2002-2279 | Improper Authentication vulnerability in Aldap 0.09 Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | 10.0 |
| 2002-08-12 | CVE-2002-0507 | Improper Authentication vulnerability in multiple products An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | 2.1 |
| 2002-07-03 | CVE-2002-0563 | Improper Authentication vulnerability in Oracle products The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | 5.0 |
| 2001-12-31 | CVE-2001-1585 | Improper Authentication vulnerability in Openbsd Openssh 2.3.1 SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | 6.8 |