Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-1778 | Improper Authentication vulnerability in Otrs When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. | 4.3 |
| 2020-11-23 | CVE-2019-14553 | Improper Authentication vulnerability in Tianocore Edk2 Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | 4.9 |
| 2020-11-19 | CVE-2020-9049 | Improper Authentication vulnerability in Johnsoncontrols C-Cure web and Victor web A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. | 5.3 |
| 2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
| 2020-11-17 | CVE-2020-27558 | Improper Authentication vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | 6.5 |
| 2020-11-16 | CVE-2020-8272 | Improper Authentication vulnerability in Citrix Sd-Wan Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 7.5 |
| 2020-11-16 | CVE-2019-19562 | Improper Authentication vulnerability in Harman Hermes 2.1 An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-16 | CVE-2019-19560 | Improper Authentication vulnerability in Harman Hermes 1.5 An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-13 | CVE-2020-28638 | Improper Authentication vulnerability in Dyne Tomb ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | 9.8 |
| 2020-11-12 | CVE-2020-2050 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. | 8.2 |