CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2022-30076 MEDIUM
ENTAB ERP 1.0 - Information Disclosure via Brute Force Attack
CVSS 5.3
CVE-2022-2525 CRITICAL
GitHub janeczku/calibre-web <0.6.20 - Auth Bypass
CVSS 9.8
CVE-2022-43947 MEDIUM
Fortinet FortiOS <7.2.3 - Privilege Escalation
CVSS 5.0
CVE-2022-36413 CRITICAL
Zoho ManageEngine ADSelfService Plus <6.203 - DoS
CVSS 9.1
CVE-2022-29056 LOW
Fortinet FortiMail <6.4.0, 6.2.0-6.2.4 - DoS
CVSS 3.7
CVE-2022-34389 LOW
Dell SupportAssist for Business PCs < 3.3.0 and Home PCs < 3.12.3 - Unauthenticated Rate Limit Bypass via ScreenMeet API
CVSS 3.7
CVE-2022-32515 HIGH
Conext ComBox Firmware - Improper Restriction of Excessive Authentication Attempts
CVSS 8.6
CVE-2022-38491 HIGH
EasyVista <2022.1.109.0.03 - Info Disclosure
CVSS 8.2
CVE-2022-4797 MEDIUM
memos < 0.9.1 - Improper Restriction of Excessive Authentication Attempts
CVSS 4.3
CVE-2022-26964 HIGH
Devolutions Remote Desktop Manager <2022.1 - Info Disclosure
CVSS 7.4
CVE-2022-45893 HIGH
Planet eStream < 6.72.10.07 - Privilege Escalation via ON Cookie Manipulation
CVSS 8.8
CVE-2022-30305 LOW
FortiDeceptor & FortiSandbox - Insufficient Logging of Failed Authentication Attempts
CVSS 3.7
CVE-2022-23746 HIGH
Check Point SSL Network Extender - Unauthenticated Brute-Force Attack via IPsec VPN Portal
CVSS 7.5
CVE-2022-2650 CRITICAL
wger-project/wger <2.2 - Info Disclosure
CVSS 9.8
CVE-2022-37772 HIGH
Maarch RM 2.8-2.8.5 - Unauthenticated Excessive Authentication Attempts via Verbose Responses
CVSS 7.5
CVE-2022-2166 CRITICAL
mastodon < 4.0.0 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2022-4006 LOW
WBCE CMS - Improper Restriction of Excessive Authentication Attempts
CVSS 3.7
CVE-2022-40903 MEDIUM
Aiphone GT-DMB-N - Privilege Escalation
CVSS 6.5
CVE-2022-3993 CRITICAL
Kavita < 0.6.0.3 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.4
CVE-2022-3945 MEDIUM
Kavita < 0.6.0.3 - Improper Restriction of Excessive Authentication Attempts
CVSS 5.3
CVE-2022-27516 MEDIUM
User Login <brute-force Protection - Auth Bypass
CVSS 5.3
CVE-2022-44023 MEDIUM
pwndoc < 0.5.3 - User Enumeration via Authentication Response Messages
CVSS 5.3
CVE-2022-44022 MEDIUM
pwndoc < 0.5.3 - User Enumeration via Authentication Timing
CVSS 5.3
CVE-2022-3741 CRITICAL
chatwoot < 2.10.0 - Excessive Authentication Attempts and Account Enumeration
CVSS 9.8
CVE-2022-39314 LOW
Kirby < 3.5.8.2, 3.6.6.2, 3.7.5.1, 3.8.1 - User Enumeration via Authentication Attempt Rate Limiting Bypass
CVSS 3.7