Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | 7.5 |
| 2021-02-01 | CVE-2020-15835 | Improper Authentication vulnerability in Mofinetwork Mofi4500-4Gxelte Firmware 4.1.5Std An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. | 9.8 |
| 2021-01-29 | CVE-2021-25910 | Improper Authentication vulnerability in Zivautomation 4Cct-Ea6-334126Bf Firmware 3.23.77.8.33251 Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | 6.5 |
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 7.5 |
| 2021-01-26 | CVE-2021-3297 | Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0 On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | 7.8 |
| 2021-01-26 | CVE-2021-25863 | Improper Authentication vulnerability in Open5Gs 2.1.3 Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | 8.8 |
| 2021-01-19 | CVE-2020-27266 | Improper Authentication vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | 6.5 |
| 2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | 6.5 |
| 2021-01-13 | CVE-2020-27488 | Improper Authentication vulnerability in Loxone Miniserver GEN 1 Firmware Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). | 9.8 |
| 2021-01-13 | CVE-2020-5686 | Improper Authentication vulnerability in NEC Univerge Sv8500 Firmware and Univerge Sv9500 Firmware Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | 7.5 |