Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2022-45724 | Improper Authentication vulnerability in Comfast Cf-Wr610N Firmware 2.3.1 Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | 5.4 |
| 2023-02-09 | CVE-2023-21425 | Improper Authentication vulnerability in Samsung Android 10.0/11.0 Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | 5.5 |
| 2023-02-09 | CVE-2023-21437 | Improper Authentication vulnerability in Samsung Android 10.0/11.0 Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | 5.5 |
| 2023-02-09 | CVE-2022-48294 | Improper Authentication vulnerability in Huawei Emui and Harmonyos The IHwAttestationService interface has a defect in authentication. | 7.5 |
| 2023-02-01 | CVE-2023-22501 | Improper Authentication vulnerability in Atlassian Jira Service Management An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. | 9.1 |
| 2023-01-31 | CVE-2020-20402 | Improper Authentication vulnerability in Portfoliocms Project Portfoliocms 1.0.5 Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | 7.5 |
| 2023-01-31 | CVE-2022-30421 | Improper Authentication vulnerability in Toshiba Storage Security Software 1.2.0.7413 Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | 7.8 |
| 2023-01-27 | CVE-2022-48066 | Improper Authentication vulnerability in Totolink A830R Firmware 4.1.2Cu.5182 An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | 9.8 |
| 2023-01-26 | CVE-2023-20924 | Improper Authentication vulnerability in Google Android In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. | 6.8 |
| 2023-01-26 | CVE-2023-23612 | Improper Authentication vulnerability in Amazon Opensearch OpenSearch is an open source distributed and RESTful search engine. | 8.8 |