Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-9049 | Improper Authentication vulnerability in Johnsoncontrols C-Cure web and Victor web A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. | 5.3 |
| 2020-11-19 | CVE-2019-20933 | Improper Authentication vulnerability in multiple products InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | 9.8 |
| 2020-11-17 | CVE-2020-27558 | Improper Authentication vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | 6.5 |
| 2020-11-16 | CVE-2020-8272 | Improper Authentication vulnerability in Citrix Sd-Wan Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | 7.5 |
| 2020-11-16 | CVE-2019-19562 | Improper Authentication vulnerability in Harman Hermes 2.1 An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-16 | CVE-2019-19560 | Improper Authentication vulnerability in Harman Hermes 1.5 An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information. | 4.6 |
| 2020-11-13 | CVE-2020-28638 | Improper Authentication vulnerability in Dyne Tomb ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | 9.8 |
| 2020-11-12 | CVE-2020-2050 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. | 8.2 |
| 2020-11-09 | CVE-2020-26168 | Improper Authentication vulnerability in Hazelcast and JET The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. | 9.8 |
| 2020-11-09 | CVE-2020-26542 | Improper Authentication vulnerability in Percona Server 20201002 An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. | 9.8 |