Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-3944

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Jun, 2014 | 14:00
Updated At-06 Aug, 2024 | 10:57
Rejected At-
Credits

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Jun, 2014 | 14:00
Updated At:06 Aug, 2024 | 10:57
Rejected At:
▼CVE Numbering Authority (CNA)

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2014/dsa-2942
vendor-advisory
x_refsource_DEBIAN
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2014/06/03/2
mailing-list
x_refsource_MLIST
Hyperlink: http://www.debian.org/security/2014/dsa-2942
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/03/2
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2014/dsa-2942
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2014/06/03/2
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2942
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/03/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Jun, 2014 | 14:55
Updated At:12 Apr, 2025 | 10:46

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
TYPO3 Association
typo3
>>typo3>>6.2
cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.2.0
cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.2.0
cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.2.0
cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.2.1
cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*
TYPO3 Association
typo3
>>typo3>>6.2.2
cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2014/dsa-2942cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2014/06/03/2cve@mitre.org
N/A
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2014/dsa-2942af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2014/06/03/2af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2942
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/03/2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2942
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2014/06/03/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

74Records found
CVE-2013-6171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.24% / 47.73%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-6006
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.19% / 40.27%
||
7 Day CHG~0.00%
Published-28 Dec, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-3656
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.26% / 49.03%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-cybozu_officen/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-5633
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.79% / 82.80%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cxfn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-4418
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.33% / 55.78%
||
7 Day CHG-0.08%
Published-09 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-axis2n/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-5352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

Action-Not Available
Vendor-josson/a
Product-java_open_single_sign-on_project_homen/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-5053
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.8||MEDIUM
EPSS-25.54% / 96.24%
||
7 Day CHG-0.66%
Published-06 Jan, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

Action-Not Available
Vendor-wi-fin/a
Product-wifi_protected_setup_protocoln/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-7958
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.4||HIGH
EPSS-0.16% / 37.08%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-espace_7950_firmwareespace_7950eSpace 7950
CWE ID-CWE-287
Improper Authentication
CVE-2011-0718
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.52% / 66.69%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-network_satellite_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-3761
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.60% / 69.41%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-287
Improper Authentication
CVE-2010-3868
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 51.17%
||
7 Day CHG~0.00%
Published-17 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-dogtag_certificate_systemcertificate_systemn/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0744
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.39% / 59.80%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

Action-Not Available
Vendor-alvaron/a
Product-alvaros_messengern/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-1040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-23 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.

Action-Not Available
Vendor-tejimayan/a
Product-openpnen/a
CWE ID-CWE-287
Improper Authentication
CVE-2010-0756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.69% / 71.96%
||
7 Day CHG~0.00%
Published-27 Feb, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.

Action-Not Available
Vendor-wikyblogn/a
Product-wikyblogn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-12848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.51% / 66.47%
||
7 Day CHG~0.00%
Published-05 Jun, 2020 | 13:00
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.

Action-Not Available
Vendor-pydion/a
Product-cellsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-2993
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.20% / 41.47%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_commercen/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-0937
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-10 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_records_managerdocumentum_wdkdocumentum_webtopdocumentum_taskspacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-5426
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.8||MEDIUM
EPSS-0.42% / 62.00%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 17:53
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-edgeswitch_xEdgeMAX
CWE ID-CWE-287
Improper Authentication
CVE-2012-5353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

Action-Not Available
Vendor-eduservn/a
Product-openathens_service_providern/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-1766
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.33% / 55.98%
||
7 Day CHG~0.00%
Published-23 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-1411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-02 Sep, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Action-Not Available
Vendor-shibbolethn/a
Product-shibboleth-identity-provideropensamln/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-1100
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.30% / 53.74%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-0062
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.27% / 50.82%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-2701
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.45% / 63.74%
||
7 Day CHG~0.00%
Published-04 Aug, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Action-Not Available
Vendor-n/aFreeRADIUS
Product-freeradiusn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found