Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-05-06 | CVE-2021-31245 | Improper Authentication vulnerability in Openmptcprouter 0.57.3 | omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user-provided password with the original password in a length-dependent manner, which allows remote attackers to guess the password via a timing attack. | network; high complexity; openmptcprouter CWE-287; 5.9 |
| 2021-04-30 | CVE-2021-21544 | Improper Authentication vulnerability in Dell Idrac9 Firmware | Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. | network; low complexity; dell CWE-287; 2.7 |
| 2021-04-29 | CVE-2021-27651 | Improper Authentication vulnerability in Pega Infinity | In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | network; low complexity; pega CWE-287; critical; 9.8 |
| 2021-04-29 | CVE-2021-20092 | Improper Authentication vulnerability in Buffalo products | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | network; low complexity; buffalo CWE-287; 7.5 |
| 2021-04-28 | CVE-2021-25147 | Improper Authentication vulnerability in Arubanetworks Airwave | A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | network; high complexity; arubanetworks CWE-287; 8.1 |
| 2021-04-28 | CVE-2020-21991 | Improper Authentication vulnerability in AVE products | AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to a missing control check when directly calling the autologin GET parameter in the changeparams.php script. | network; low complexity; ave CWE-287; critical; 9.8 |
| 2021-04-26 | CVE-2021-23365 | Improper Authentication vulnerability in TYK Tyk-Identity-Broker | The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. | network; low complexity; tyk CWE-287; critical; 9.1 |
| 2021-04-22 | CVE-2021-20590 | Improper Authentication vulnerability in Mitsubishielectric products | Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used. | network; low complexity; mitsubishielectric CWE-287; 7.5 |
| 2021-04-21 | CVE-2020-28973 | Improper Authentication vulnerability in Abus Secvest Wireless Alarm System Fuaa50000 Firmware 3.01.17 | The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. | network; low complexity; abus CWE-287; 7.5 |
| 2021-04-20 | CVE-2020-7856 | Improper Authentication vulnerability in Cnesty Helpcom 10.0 | A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary commands. | network; low complexity; cnesty CWE-287; critical; 9.8 |