Vulnerabilities > Improper Authentication

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-12-01 | CVE-2020-28970 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | network, low complexity, westerndigital, CWE-287, critical, 9.8 |
| 2020-12-01 | CVE-2020-28940 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 | On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | network, low complexity, westerndigital, CWE-287, critical, 9.8 |
| 2020-11-30 | CVE-2020-29392 | Improper Authentication vulnerability in Lock Password Manager Safe APP Project Lock Password Manager Safe APP 2.3 | The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. | 4.6 |
| 2020-11-30 | CVE-2020-29127 | Improper Authentication vulnerability in Fujitsu Eternus Storage Dx200 S4 Firmware 20201125 | An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. | network, low complexity, fujitsu, CWE-287, critical, 9.8 |
| 2020-11-29 | CVE-2020-29378 | Improper Authentication vulnerability in Vsolcn products | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. | network, low complexity, vsolcn, CWE-287, 8.8 |
| 2020-11-24 | CVE-2020-7378 | Improper Authentication vulnerability in Opencrx | CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. | network, low complexity, opencrx, CWE-287, critical, 9.1 |
| 2020-11-23 | CVE-2020-4771 | Improper Authentication vulnerability in IBM Spectrum Protect Operations Center | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. | network, low complexity, ibm, CWE-287, 5.3 |
| 2020-11-23 | CVE-2020-1778 | Improper Authentication vulnerability in Otrs | When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. | network, low complexity, otrs, CWE-287, 4.3 |
| 2020-11-23 | CVE-2019-14553 | Improper Authentication vulnerability in Tianocore Edk2 | Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | network, low complexity, tianocore, CWE-287, 4.9 |
| 2020-11-19 | CVE-2020-9049 | Improper Authentication vulnerability in Johnsoncontrols C-Cure web and Victor web | A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. | high complexity, johnsoncontrols, CWE-287, 5.3 |