CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2023-6756 (MEDIUM, CVSS 5.3): Thecosy IceCMS 2.0.1 - Improper Restriction of Excessive Authentication Attempts in Captcha Handler
CVE-2023-49278 (MEDIUM, CVSS 5.3): Umbraco <8.0.0-8.18.10-12.3.4 - Info Disclosure
CVE-2023-49443 (CRITICAL, CVSS 9.8): DoraCMS v2.1.8 - Brute Force Attack via Verification Code Reuse
CVE-2023-35039 (CRITICAL, CVSS 9.8): Password Reset with Code for WordPress REST API <= 0.0.15 - Authentication Abuse via Weak PIN Generation
CVE-2023-24051 (CRITICAL, CVSS 9.8): Connectize AC21000 G6 - Privilege Escalation
CVE-2023-48028 (CRITICAL, CVSS 9.8): kodbox 1.46.01 - User Enumeration via Login Page Response Messages
CVE-2023-46745 (MEDIUM, CVSS 5.3): LibreNMS <23.11.0 - Info Disclosure
CVE-2023-45582 (MEDIUM, CVSS 5.6): FortiMail 6.2.0-6.2.8, 7.0.0-7.0.6, 7.2.0-7.2.4 - Unauthenticated Brute Force Attack via Repeated Login Attempts
CVE-2023-42480 (MEDIUM, CVSS 5.3): SAP NetWeaver AS Java 7.50 - Unauthenticated User Enumeration via Login Brute Force
CVE-2023-41270 (LOW, CVSS 3.5): Samsung Smart TV <T-GAPDEUC-1033.2 - DoS
CVE-2023-2675 (CRITICAL, CVSS 9.8): linagora/twake <2023.Q1.1223 - Info Disclosure
CVE-2023-4625 (MEDIUM, CVSS 5.3): Mitsubishi Electric MELSEC iQ-F/iQ-R Series - Auth Bypass
CVE-2023-41350 (HIGH, CVSS 7.5): Chunghwa Telecom NOKIA G-040W-Q - CSRF
CVE-2023-37832 (HIGH, CVSS 7.5): Elenos ETG150 Firmware v3.12 - Unauthenticated Brute Force Attack via Lack of Rate Limiting
CVE-2023-5754 (CRITICAL, CVSS 9.1): Sielco PolyEco1000 - Unauthenticated Remote Password Attack via Default Credentials
CVE-2023-42769 (CRITICAL, CVSS 9.8): Sielco Analog FM Transmitter Firmware - Unauthenticated Session ID Brute Force and Authentication Bypass
CVE-2023-46123 (MEDIUM, CVSS 5.3): fit2cloud jumpserver < 3.8.0 - Unauthenticated Password Brute-Force Protection Bypass via IP Spoofing
CVE-2023-37635 (CRITICAL, CVSS 9.8): UVDesk Community Skeleton v1.1.1 - Unauthenticated Login Brute Force
CVE-2023-27152 (CRITICAL, CVSS 9.8): OPNsense 23.1 - Unauthenticated Brute-Force Attack via Excessive Authentication Attempts
CVE-2023-45149 (MEDIUM, CVSS 4.3): Nextcloud Talk 15.0.0-15.0.8 - Brute Force Protection Bypass via Password Validation Endpoint
CVE-2023-45148 (MEDIUM, CVSS 4.3): Nextcloud Server 22.0.0-22.2.10.15 and 25.0.0-25.0.10 - Rate Limit Bypass via Memcached Distributed Cache
CVE-2023-39960 (MEDIUM, CVSS 5.0): Nextcloud Server 22.0.0-22.2.10.14, 25.0.0-25.0.9 - Unauthenticated Password Brute Force via WebDAV API
CVE-2023-44111 (HIGH, CVSS 7.5): Device Authentication Module - Info Disclosure
CVE-2023-44096 (HIGH, CVSS 7.5): Device Authentication Module - Info Disclosure
CVE-2023-36434 (CRITICAL, CVSS 9.8): Windows IIS Server - Privilege Escalation