Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2002-08-12 CVE-2002-0507 Improper Authentication vulnerability in multiple products
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
local
low complexity
microsoft rsa CWE-287
2.1
2002-07-03 CVE-2002-0563 Improper Authentication vulnerability in Oracle products
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
network
low complexity
oracle CWE-287
5.0
2001-12-31 CVE-2001-1585 Improper Authentication vulnerability in Openbsd Openssh 2.3.1
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
network
openbsd CWE-287
6.8