Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-02-05 | CVE-2020-10539 | Improper Authentication vulnerability in Epikur 20.1.0.1 | An issue was discovered in Epikur before 20.1.1. | network | low | epikur | CWE-287 | critical 9.8 |
| 2021-02-03 | CVE-2020-17523 | Improper Authentication vulnerability in Apache Shiro | In Apache Shiro before 1.7.1, when Apache Shiro is used with Spring, a specially crafted HTTP request may cause an authentication bypass. | network | low | apache | CWE-287 | critical 9.8 |
| 2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 | HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | network | low | hashicorp | CWE-287 | 7.5 |
| 2021-02-01 | CVE-2020-15835 | Improper Authentication vulnerability in Mofinetwork Mofi4500-4Gxelte Firmware 4.1.5Std | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. | network | low | mofinetwork | CWE-287 | critical 9.8 |
| 2021-01-29 | CVE-2021-25910 | Improper Authentication vulnerability in Zivautomation 4Cct-Ea6-334126Bf Firmware 3.23.77.8.33251 | Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | | low | zivautomation | CWE-287 | 6.5 |
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products | The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | network | low | apache, netapp, debian, oracle | CWE-287 | 7.5 |
| 2021-01-26 | CVE-2021-3297 | Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | local | low | zyxel | CWE-287 | 7.8 |
| 2021-01-26 | CVE-2021-25863 | Improper Authentication vulnerability in Open5Gs 2.1.3 | Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | | low | open5gs | CWE-287 | 8.8 |
| 2021-01-19 | CVE-2020-27266 | Improper Authentication vulnerability in Sooil products | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | | low | sooil | CWE-287 | 6.5 |
| 2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab | Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link. | network | low | gitlab | CWE-287 | 6.5 |