CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
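The fix for this weakness is a counter on failed attempts that turns into a cooldown, kept per account and per source so that neither a single-target nor a spray-across-accounts attack gets unbounded guesses. The following is an added illustration and is not code from CWE or from any of the products listed below; the credential store, salt, usernames and IP addresses are constructed for the demo, and the `AttemptThrottle`, `login_unthrottled` and `login_throttled` names are assumptions of this example:

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed demo credential store (not a real deployment): username -> PBKDF2 hash.
# The low iteration count keeps the demo fast; a real system would use a far higher one.
_SALT = b"demo-salt-not-for-production"
_ITERATIONS = 10_000


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"alice": _hash("correct horse battery staple")}
_DUMMY = _hash("")  # compared against for unknown users so timing does not leak account existence


def verify_password(user: str, password: str) -> bool:
    stored = USERS.get(user)
    candidate = _hash(password)
    if stored is None:
        hmac.compare_digest(_DUMMY, candidate)  # same cost as a real check; result discarded
        return False
    return hmac.compare_digest(stored, candidate)


def login_unthrottled(user: str, password: str) -> bool:
    """The CWE-307 pattern: every guess is evaluated, so the only limit is the attacker's bandwidth."""
    return verify_password(user, password)


class AttemptThrottle:
    """Sliding-window failure counter with escalating lockout, keyed per account and per source."""

    def __init__(self, max_failures: int = 5, window: float = 300.0,
                 base_lockout: float = 60.0, max_lockout: float = 3600.0):
        self.max_failures = max_failures
        self.window = window
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.failures: dict[str, deque] = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until: dict[str, float] = {}              # key -> time at which the lock expires
        self.strikes: dict[str, int] = defaultdict(int)       # key -> lockouts since the last reset

    def seconds_locked(self, key: str, now: float) -> float:
        return max(0.0, self.locked_until.get(key, 0.0) - now)

    def record_failure(self, key: str, now: float) -> None:
        recent = self.failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            # Each consecutive lockout doubles (up to a cap), so a sustained attack slows to a crawl.
            lockout = min(self.base_lockout * (2 ** self.strikes[key]), self.max_lockout)
            self.strikes[key] += 1
            self.locked_until[key] = now + lockout
            recent.clear()

    def reset(self, key: str) -> None:
        self.failures.pop(key, None)
        self.locked_until.pop(key, None)
        self.strikes.pop(key, None)


def login_throttled(user: str, password: str, source_ip: str,
                    throttle: AttemptThrottle, now: float) -> str:
    """Returns 'ok', 'invalid' or 'locked'. `now` is injected so the behaviour is testable."""
    account_key = f"user:{user.lower()}"
    source_key = f"ip:{source_ip}"
    if any(throttle.seconds_locked(k, now) > 0 for k in (account_key, source_key)):
        # Refuse before evaluating the password: while locked, a right guess and a wrong guess
        # get the same answer, so the attacker learns nothing from the locked period.
        return "locked"
    if verify_password(user, password):
        # A good login clears the account counter only. Clearing the source counter as well would
        # let an attacker holding one valid credential reset their own IP between guesses.
        throttle.reset(account_key)
        return "ok"
    throttle.record_failure(account_key, now)
    throttle.record_failure(source_key, now)
    return "invalid"
```

Two design points worth noting: the lock is checked before the password is verified, so the correct password is refused while the account is locked (which is what stops an attacker from sliding the right guess into the window), and the per-source counter is not reset by a successful login, which closes the obvious way of defeating an IP-based limit from a single valid account.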
586 vulnerabilities with CWE-307 (the 25 listed here)

| CVE | Severity | Affected product and issue | CVSS score |
| --- | --- | --- | --- |
| CVE-2023-28847 | LOW | Nextcloud Server <24.0.11 & <25.0.5 - Info Disclosure | 3.1 |
| CVE-2023-26756 | HIGH | Revive Adserver v5.4.1 - Info Disclosure | 7.5 |
| CVE-2023-27746 | CRITICAL | BlackVue DR750-2CH LTE 1.012_2022.10.26 - Weak Default Passphrase Brute Force via WPA2 Handshake | 9.8 |
| CVE-2023-29005 | HIGH | Flask-AppBuilder < 4.3.0 - Unauthenticated Credential Brute-Force via Missing Rate Limiting | 7.5 |
| CVE-2023-1665 | CRITICAL | linagora/twake <0.0.0. - Auth Bypass | 9.8 |
| CVE-2023-25818 | MEDIUM | Nextcloud Server 21.0.0-21.0.9.10 and 24.0.0-24.0.10 - Brute Force Attack via Password Reset Token | 5.3 |
| CVE-2023-27100 | CRITICAL | Netgate pfSense Plus <v22.05.1 - Auth Bypass | 9.8 |
| CVE-2023-25820 | MEDIUM | Nextcloud Server 21.0.0-21.0.8, 24.0.0-24.0.9 - Brute Force Attack via Confirmation Endpoint | 4.2 |
| CVE-2023-1539 | MEDIUM | GitHub answerdev/answer <1.0.6 - Info Disclosure | 5.3 |
| CVE-2023-26209 | LOW | Fortinet FortiDeceptor <3.1.x - DoS | 3.7 |
| CVE-2023-26208 | LOW | Fortinet FortiAuthenticator <6.4 - DoS | 3.7 |
| CVE-2023-1101 | HIGH | SonicOS < 7.0.1-5111 - Authenticated Excessive MFA Attempts | 8.8 |
| CVE-2023-26476 | HIGH | XWiki Platform <14.7-rc-1, <13.4.4, <13.10.9 - Info Disclosure | 7.5 |
| CVE-2023-24080 | CRITICAL | Chamberlain myQ <5.222.0.32277 - Info Disclosure | 9.8 |
| CVE-2023-0860 | HIGH | modoboa installer < 2.0.4 - Improper Restriction of Excessive Authentication Attempts | 7.5 |
| CVE-2023-25156 | HIGH | Kiwi TCMS < 12.0 - Unauthenticated Brute-Force Attack via Login Page | 7.5 |
| CVE-2023-0574 | MEDIUM | YugabyteDB Managed 2.0.0.0-2.13.0.0 - Server-Side Request Forgery | 6.8 |
| CVE-2023-24020 | HIGH | Snap One Wattbox WB-300-IP-3 <WB10.9a17 - Auth Bypass | 7.5 |
| CVE-2023-22960 | HIGH | Lexmark B2236 Firmware < mslsg.081.233 - Improper Access Control | 7.5 |
| CVE-2022-45790 | HIGH | Omron CJ1G and CJ2H Firmware < 4.1 and CP1E Firmware < 1.3 - Authenticated Brute Force Attack via FINS Protocol | 8.6 |
| CVE-2022-24402 | HIGH | midnightblue tetra - Small Space of Random Values in TEA1 Keystream Generator | 8.8 |
| CVE-2022-43904 | HIGH | IBM Security Guardium <11.4 - Info Disclosure | 7.5 |
| CVE-2022-32757 | HIGH | IBM Security Directory Suite VA 8.0.1-8.0.1.19 - Inadequate Account Lockout Setting | 7.5 |
| CVE-2022-42478 | HIGH | FortiSIEM < 7.0.0 - Excessive Authentication Attempts via Brute Force | 8.1 |
| CVE-2022-43377 | HIGH | Schneider Electric NetBotz 355/450/455/550/570 < 4.7.0 - Excessive Authentication Attempts | 7.5 |