CVE & Exploit Intelligence Database

CVE-2017-4989 9.8 CRITICAL EPSS 0.03

In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an attacker to view sensitive information, perform software updates, or run maintenance workflows.

CWE-287 Jun 21, 2017

CVE-2017-3167 9.8 CRITICAL EPSS 0.10

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

CWE-287 Jun 20, 2017

CVE-2017-3745 7.8 HIGH EPSS 0.00

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

CWE-287 Jun 20, 2017

CVE-2017-9552 7.8 HIGH EPSS 0.00

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".

CWE-522 Jun 13, 2017

CVE-2017-9542 9.8 CRITICAL EPSS 0.02

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.

CWE-287 Jun 11, 2017

CVE-2016-7836 9.8 CRITICAL KEV EPSS 0.53

SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

CWE-287 Jun 09, 2017

CVE-2015-2800 7.5 HIGH EPSS 0.03

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

CWE-287 Jun 08, 2017

CVE-2017-7314 7.5 HIGH 1 PoC Analysis EPSS 0.09

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.

CWE-287 Jun 07, 2017

CVE-2014-8180 5.5 MEDIUM EPSS 0.00

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

CWE-287 Jun 06, 2017

CVE-2014-9952 7.8 HIGH EPSS 0.00

In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.

CWE-287 Jun 06, 2017

CVE-2017-9148 9.8 CRITICAL EPSS 0.01

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

CWE-287 May 29, 2017

CVE-2014-3527 9.8 CRITICAL EPSS 0.00

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

CWE-287 May 25, 2017

CVE-2014-0097 7.3 HIGH EPSS 0.00

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

CWE-287 May 25, 2017

CVE-2015-6817 8.1 HIGH 1 Writeup EPSS 0.01

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.

CWE-287 May 23, 2017

CVE-2016-4863 4.3 MEDIUM EPSS 0.00

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.

CWE-287 May 22, 2017

CVE-2017-9100 8.8 HIGH 1 PoC Analysis EPSS 0.06

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

CWE-287 May 21, 2017

CVE-2017-7937 4.0 MEDIUM EPSS 0.00

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.

CWE-287 May 19, 2017

CVE-2017-8879 6.8 MEDIUM EPSS 0.00

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.

CWE-287 May 10, 2017

CVE-2017-8827 9.1 CRITICAL EPSS 0.00

forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.

CWE-287 May 08, 2017

CVE-2017-7921 9.8 CRITICAL KEV 28 PoCs Analysis NUCLEI EPSS 0.94

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

CWE-287 May 06, 2017