Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-05 | CVE-2021-44056 | Improper Authentication vulnerability in Qnap Video Station An improper authentication vulnerability has been reported to affect QNAP device running Video Station. | 9.8 |
| 2022-05-05 | CVE-2021-44057 | Improper Authentication vulnerability in Qnap Photo Station An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. | 9.8 |
| 2022-05-03 | CVE-2022-28790 | Improper Authentication vulnerability in Samsung Link to Windows Service Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. | 3.3 |
| 2022-05-02 | CVE-2022-23722 | Improper Authentication vulnerability in Pingidentity Pingfederate When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. | 6.5 |
| 2022-05-02 | CVE-2022-23723 | Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | 7.7 |
| 2022-04-30 | CVE-2021-41992 | Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.6 |
| 2022-04-27 | CVE-2022-24885 | Improper Authentication vulnerability in Nextcloud Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. | 2.4 |
| 2022-04-26 | CVE-2022-24883 | Improper Authentication vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). | 9.8 |
| 2022-04-25 | CVE-2021-36460 | Improper Authentication vulnerability in Veryfitpro Project Veryfitpro VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. | 7.8 |
| 2022-04-20 | CVE-2022-29534 | Improper Authentication vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 7.5 |