CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2024-39874 HIGH
SINEMA Remote Connect Server < 3.2 SP1 - Brute Force Attack via Client Communication Component
CVSS 7.5
CVE-2024-39873 HIGH
SINEMA Remote Connect Server < 3.2 SP1 - Brute Force Protection Bypass in Web API
CVSS 7.5
CVE-2024-25031 MEDIUM
IBM Storage Defender - Resiliency Service <2.0.5 - Info Disclosure
CVSS 6.5
CVE-2024-5862 HIGH
Mia-Med Health Application <1.0.14 - Auth Bypass
CVSS 7.5
CVE-2024-28022 MEDIUM
HitachiEnergy FOXMAN-UN and UNEM - Improper Restriction of Excessive Authentication Attempts
CVSS 6.5
CVE-2024-35747 MEDIUM
Contact Form Builder, Contact Widget < 2.1.7 - Functionality Bypass via Excessive Authentication Attempts
CVSS 5.3
CVE-2024-28833 MEDIUM
Checkmk 2.3 - Excessive Authentication Attempts with Two-Factor Authentication
CVSS 5.9
CVE-2024-3102 MEDIUM
mintplex-labs/anything-llm - JSON Injection
CVSS 5.3
CVE-2024-32774 MEDIUM
ProfileGrid < 5.8.2 - Improper Restriction of Excessive Authentication Attempts
CVSS 4.3
CVE-2024-32720 MEDIUM
CodePeople Appointment Hour Booking <1.4.56 - Auth Bypass
CVSS 5.3
CVE-2024-3461 MEDIUM
KioWare for Windows <= 8.35 - Unauthenticated PIN Brute Force
CVSS 6.2
CVE-2024-32868 MEDIUM
ZITADEL < 2.50.0 - Excessive Authentication Attempts via TOTP and OTP
CVSS 6.5
CVE-2024-32676 MEDIUM
LoginPress Pro <3.0.0 - Auth Bypass
CVSS 5.3
CVE-2024-28825 MEDIUM
Checkmk < 2.3.0b5, < 2.2.0p26, < 2.1.0p43, 2.0.0 - Improper Restriction of Excessive Authentication Attempts
CVSS 5.9
CVE-2024-30390 MEDIUM
Juniper Junos OS Evolved DoS via Rate-Limit Bypass
CVSS 5.3
CVE-2024-3202 LOW
codelyfe stupid_simple_cms < 1.2.4 - Improper Restriction of Excessive Authentication Attempts in Login Page
CVSS 3.7
CVE-2024-21662 HIGH
Argo CD < 2.8.13, 2.9.9, 2.10.4 - Brute Force Protection Bypass via Cache Overflow
CVSS 7.5
CVE-2024-21652 CRITICAL
Argo CD < 2.8.13, 2.9.0-2.9.8, 2.10.0-2.10.3 - Unauthenticated Brute Force Login Protection Bypass via Denial of Service
CVSS 9.8
CVE-2024-2051 CRITICAL
Schneider Electric Easergy T200 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2024-24767 CRITICAL
CasaOS-UserService <0.4.7 - Privilege Escalation
CVSS 9.1
CVE-2024-24721 MEDIUM
Innovaphone PBX <14r1 - Auth Bypass
CVSS 6.5
CVE-2024-1104 HIGH
Areal-topkapi Webserv2 <= 6.2.4776 - Brute Force Prevention Bypass
CVSS 7.5
CVE-2024-1345 MEDIUM
LaborOfficeFree <19.10 - Info Disclosure
CVSS 6.8
CVE-2024-21500 MEDIUM
caddy-security - Improper Restriction of Excessive Authentication Attempts via 2FA Bypass
CVSS 4.8
CVE-2024-22425 MEDIUM
Dell RecoverPoint for Virtual Machines <6.0.SP1 - Auth Bypass
CVSS 6.5