CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2024-22317
CRITICAL
IBM App Connect Enterprise - Info Disclosure/DoS
CVSS 9.1
CVE-2023-54347
HIGH
OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass
CVSS 7.5
CVE-2023-32251
LOW
Linux kernel's ksmbd - Privilege Escalation
CVSS 3.7
CVE-2023-34732
MEDIUM
Flytxt NEON-dX < 0.0.1 - Brute Force Attack via UserId Parameter
CVSS 5.4
CVE-2023-48745
MEDIUM
WebFactory Ltd Captcha Code <2.9 - Auth Bypass
CVSS 5.3
CVE-2023-48318
MEDIUM
CodePeople Contact Form Email <= 1.3.41 - Captcha Bypass via Excessive Authentication Attempts
CVSS 5.3
CVE-2023-48290
MEDIUM
Form Maker by 10Web < 1.15.20 - CAPTCHA Bypass via Excessive Authentication Attempts
CVSS 5.3
CVE-2023-48276
MEDIUM
Nitin Rathod WP Forms Puzzle Captcha <4.1 - Auth Bypass
CVSS 5.3
CVE-2023-45009
MEDIUM
Forge12 Captcha/Honeypot <1.11.3 - Auth Bypass
CVSS 5.3
CVE-2023-44235
MEDIUM
Devnath verma WP Captcha <2.0.0 - Auth Bypass
CVSS 5.3
CVE-2023-34001
MEDIUM
Hide My WP Ghost <= 5.0.25 - Captcha Bypass via Excessive Authentication Attempts
CVSS 5.3
CVE-2023-23730
MEDIUM
Brainstorm Force Spectra <= 2.3.0 - Captcha Bypass via Excessive Authentication Attempts
CVSS 5.3
CVE-2023-45191
HIGH
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 - Inadequate Account Lockout Setting
CVSS 7.5
CVE-2023-45190
MEDIUM
IBM Engineering Lifecycle Optimization 7.0.2-7.0.3 - HTTP Header Injection via HOST Header
CVSS 5.1
CVE-2023-38273
HIGH
IBM Cloud Pak System <2.3.3.7 - Info Disclosure
CVSS 7.5
CVE-2023-50326
HIGH
IBM PowerSC 1.3, 2.0, and 2.1 - Inadequate Account Lockout Setting
CVSS 7.5
CVE-2023-33759
CRITICAL
SpliceCom Maximiser Soft PBX <1.5 - Auth Bypass
CVSS 9.8
CVE-2023-50123
HIGH
Hozard Alarm System 1.0 - Unauthenticated Brute Force via SMS Authentication
CVSS 8.1
CVE-2023-49810
HIGH
WWBN AVideo - Login Attempt Restriction Bypass via Captcha Bypass
CVSS 7.3
CVE-2023-49792
MEDIUM
Nextcloud Server 23.0.0-23.0.12.13, 26.0.0-26.0.9 - Authentication Bypass via Trusted Proxy Spoofing
CVSS 5.3
CVE-2023-6912
HIGH
M-Files Server < 23.12.13205.0 - Unauthenticated Brute Force Attack via Unlimited Authentication Attempts
CVSS 7.5
CVE-2023-27172
CRITICAL
Xpand IT Write-back Manager <2.3.1 - Auth Bypass
CVSS 9.1
CVE-2023-6928
CRITICAL
EuroTel ETL3100 v01c01 and v01x37 - Unauthenticated Excessive Authentication Attempts
CVSS 9.8
CVE-2023-6272
CRITICAL
Theme My Login <1.2 - Info Disclosure
CVSS 9.8
CVE-2023-50444
HIGH
PRIMX ZED!/ZEDMAIL <2023.5 & ZONECENTRAL <Q.2021.2 - Unauthenticated Sensitive Info Exposure via Brute Force
CVSS 7.5