Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-30 | CVE-2021-41992 | Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.6 |
| 2022-04-27 | CVE-2022-24885 | Improper Authentication vulnerability in Nextcloud Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. | 2.4 |
| 2022-04-26 | CVE-2022-24883 | Improper Authentication vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). | 9.8 |
| 2022-04-25 | CVE-2021-36460 | Improper Authentication vulnerability in Veryfitpro Project Veryfitpro VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. | 7.8 |
| 2022-04-20 | CVE-2022-29534 | Improper Authentication vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 7.5 |
| 2022-04-19 | CVE-2021-26627 | Improper Authentication vulnerability in QCP Qcp200W Firmware Real-time image information exposure is caused by insufficient authentication for activated RTSP port. | 7.5 |
| 2022-04-19 | CVE-2022-1065 | Improper Authentication vulnerability in Abacus products A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. | 8.8 |
| 2022-04-15 | CVE-2022-20695 | Improper Authentication vulnerability in Cisco products A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of the password validation algorithm. | 10.0 |
| 2022-04-15 | CVE-2022-26034 | Improper Authentication vulnerability in Yokogawa B/M9000 VP and Centum VP Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. | 9.1 |
| 2022-04-13 | CVE-2022-22956 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |