A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability.
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, without verifying that it matches the actual requested URI. This allows an attacker who possesses any valid digest response (computed for URI-A) to authenticate requests to a completely different protected URI (URI-B), bypassing per-resource access control. This vulnerability is fixed in 3.3.8.
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.
A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later
Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version.
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182.
In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-163413737
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).
Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve authentication bypass.
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.
Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.This issue affects DVR: from 3.0.0 before 9.9.0.
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.
Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting.
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.
Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation.
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the registration button on the login page. Users could bypass this restriction by directly accessing the registration URL (/ui/login/loginname) and register a user that way. Versions 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 contain a patch. No known workarounds are available.
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.