Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products. The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 7.5 |
2021-01-26 | CVE-2021-3297 | Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0. On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | 7.8 |
2021-01-26 | CVE-2021-25863 | Improper Authentication vulnerability in Open5Gs 2.1.3. Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | 8.8 |
2021-01-19 | CVE-2020-27266 | Improper Authentication vulnerability in Sooil products. In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | 6.5 |
2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab. Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link. | 6.5 |
2021-01-13 | CVE-2020-27488 | Improper Authentication vulnerability in Loxone Miniserver GEN 1 Firmware. Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). | 9.8 |
2021-01-13 | CVE-2020-5686 | Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware. Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | 7.5 |
2021-01-13 | CVE-2020-5633 | Improper Authentication vulnerability in NEC Baseboard Management Controller 1.07/1.09. Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. | 9.8 |
2021-01-06 | CVE-2020-36176 | Improper Authentication vulnerability in Ithemes Security. The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | 7.5 |
2021-01-06 | CVE-2012-10001 | Improper Authentication vulnerability in Limit Login Attempts Project Limit Login Attempts. The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | 9.8 |