CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2023-43699 HIGH
SICK APU RDT400 < 4.0.0.6 - Unauthenticated Password Brute-Force via Unlimited Login Attempts
CVSS 7.5
CVE-2023-42818 MEDIUM
JumpServer < 3.5.6 - Improper Authentication via SSH Public Key Bypass
CVSS 5.4
CVE-2023-40834 CRITICAL
OpenCart CMS <4.0.2.2 - Auth Bypass
CVSS 9.8
CVE-2023-26271 MEDIUM
IBM Guardium GCKM <1.10.3 - Auth Bypass
CVSS 5.3
CVE-2023-40706 HIGH
SNAP PAC S1 Firmware R10.3b - Info Disclosure
CVSS 8.6
CVE-2023-39958 MEDIUM
Nextcloud Server OAuth2 Client Secret Brute Force
CVSS 5.8
CVE-2023-21709 CRITICAL
Microsoft Exchange Server - Privilege Escalation
CVSS 9.8
CVE-2023-3669 LOW
CODESYS Development System < 3.5.19.20 - Unauthenticated Brute-Force Attack via Import Dialog
CVSS 3.3
CVE-2023-3548 HIGH
IQ Wifi 6 <2.0.2 - Privilege Escalation
CVSS 8.3
CVE-2023-32657 MEDIUM
Weintek Weincloud 0.13.6 - Improper Restriction of Excessive Authentication Attempts
CVSS 5.3
CVE-2023-29301 HIGH
Adobe ColdFusion <2021u6 - Auth Bypass
CVSS 7.5
CVE-2023-36917 MEDIUM
SAP BusinessObjects Business Intelligence Platform - Password Bypass
CVSS 5.9
CVE-2023-3605 MEDIUM
PHPGurukul Online Shopping Portal 1.0 - Auth Bypass
CVSS 6.5
CVE-2023-35697 MEDIUM
SICK ICR890-4 Firmware < 2.5.0 - Unauthenticated Brute-Force Attack via Excessive Authentication Attempts
CVSS 5.3
CVE-2023-33868 MEDIUM
piigab m-bus 900s firmware - Unauthenticated Brute Force via HTTP Basic Authentication
CVSS 5.9
CVE-2023-32224 CRITICAL
D-Link DSL-224 Firmware 3.0.10 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2023-35172 HIGH
Nextcloud Server 21.0.0-21.0.9.12, 25.0.0-25.0.7 - Brute Force Attack via Password Reset Links
CVSS 8.7
CVE-2023-32320 HIGH
Nextcloud Server 21.0.0-21.0.9.11, 25.0.0-25.0.6 - Brute Force Attack via Parallel Request Bypass
CVSS 8.7
CVE-2023-3173 CRITICAL
GitHub froxlor/froxlor <2.0.20 - Info Disclosure
CVSS 9.8
CVE-2023-34243 MEDIUM
tgstation-server 4.0.0-5.12.4 - Unauthenticated Username Enumeration via Login Endpoint Brute Force
CVSS 5.8
CVE-2023-33754 MEDIUM
Inpiazza Cloud WiFi <4.2.17 - Info Disclosure
CVSS 6.5
CVE-2023-23755 HIGH
Joomla! 4.2.0-4.3.1 - Unauthenticated Brute Force Attack via MFA Screen
CVSS 7.5
CVE-2023-32319 HIGH
Nextcloud Server 24.0.0-24.0.10 - Unauthenticated Brute-Force Attack via WebDAV Basic Auth Header
CVSS 8.1
CVE-2023-32074 HIGH
Nextcloud user_oidc < 1.3.2 - Authentication Bypass
CVSS 8.0
CVE-2023-2531 CRITICAL
Azuracast < 0.18.3 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8