Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-28790 | Improper Authentication vulnerability in Samsung Link to Windows Service Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. | 3.3 |
| 2022-05-02 | CVE-2022-23722 | Improper Authentication vulnerability in Pingidentity Pingfederate When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. | 6.5 |
| 2022-05-02 | CVE-2022-23723 | Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | 7.7 |
| 2022-04-30 | CVE-2021-41992 | Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.6 |
| 2022-04-27 | CVE-2022-24885 | Improper Authentication vulnerability in Nextcloud Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. | 2.4 |
| 2022-04-26 | CVE-2022-24883 | Improper Authentication vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). | 9.8 |
| 2022-04-25 | CVE-2021-36460 | Improper Authentication vulnerability in Veryfitpro Project Veryfitpro VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. | 7.8 |
| 2022-04-20 | CVE-2022-29534 | Improper Authentication vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 7.5 |
| 2022-04-19 | CVE-2021-26627 | Improper Authentication vulnerability in QCP Qcp200W Firmware Real-time image information exposure is caused by insufficient authentication for activated RTSP port. | 7.5 |
| 2022-04-19 | CVE-2022-1065 | Improper Authentication vulnerability in Abacus products A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. | 8.8 |