Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-02-05 | CVE-2020-10539 | Improper Authentication vulnerability in Epikur 20.1.0.1 | An issue was discovered in Epikur before 20.1.1. | 9.8 |
2021-02-03 | CVE-2020-17523 | Improper Authentication vulnerability in Apache Shiro | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | 9.8 |
2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 | HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | 7.5 |
2021-02-01 | CVE-2020-15835 | Improper Authentication vulnerability in Mofinetwork Mofi4500-4Gxelte Firmware 4.1.5Std | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. | 9.8 |
2021-01-29 | CVE-2021-25910 | Improper Authentication vulnerability in Zivautomation 4Cct-Ea6-334126Bf Firmware 3.23.77.8.33251 | Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | 6.5 |
2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products | The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 7.5 |
2021-01-26 | CVE-2021-3297 | Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | 7.8 |
2021-01-26 | CVE-2021-25863 | Improper Authentication vulnerability in Open5Gs 2.1.3 | Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | 8.8 |
2021-01-19 | CVE-2020-27266 | Improper Authentication vulnerability in Sooil products | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | 6.5 |
2021-01-15 | CVE-2021-22171 | Improper Authentication vulnerability in Gitlab | Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link. | 6.5 |