Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-2417 Improper Authentication vulnerability in Acftp 1.4
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
network
low complexity
acftp CWE-287
critical
10.0
2002-12-31 CVE-2002-2397 Improper Authentication vulnerability in Symantec Sygate Personal Firewall 5.0
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
network
low complexity
symantec CWE-287
critical
10.0
2002-12-31 CVE-2002-2279 Improper Authentication vulnerability in Aldap 0.09
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
network
low complexity
aldap CWE-287
critical
10.0
2002-08-12 CVE-2002-0507 Improper Authentication vulnerability in multiple products
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
local
low complexity
microsoft rsa CWE-287
2.1
2002-07-03 CVE-2002-0563 Improper Authentication vulnerability in Oracle products
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
network
low complexity
oracle CWE-287
5.0
2001-12-31 CVE-2001-1585 Improper Authentication vulnerability in Openbsd Openssh 2.3.1
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
network
openbsd CWE-287
6.8