CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2022-35846 HIGH
FortiTester <4.2.0 - Info Disclosure
CVSS 8.1
CVE-2022-40055 CRITICAL
GX Group GPON ONT Titanium 2122A T2122-V1.26EXL - Privilege Escalation via Login Page Brute Force
CVSS 9.8
CVE-2022-3031 LOW
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - Info Disclosure
CVSS 3.7
CVE-2022-31228 HIGH
Dell EMC XtremIO <X2 6.4.0-22 - Unauthenticated RCE
CVSS 8.1
CVE-2022-33106 CRITICAL
WiJungle U250 Firmware - Unauthenticated Brute Force via Excessive Authentication Attempts
CVSS 9.8
CVE-2022-36781 MEDIUM
ConnectWise ScreenConnect < 22.7 - Unauthenticated Brute Force via Inadequate Rate Limiting
CVSS 5.3
CVE-2022-33735 MEDIUM
WS7200-10 <11.0.2.13 - Info Disclosure
CVSS 6.5
CVE-2022-37145 HIGH
PlexTrac < 1.17.0 - Unauthenticated Excessive Authentication Attempts
CVSS 7.5
CVE-2022-37144 HIGH
PlexTrac < 1.17.0 - Unauthenticated MFA Bypass via Excessive TOTP Attempts
CVSS 8.8
CVE-2022-2822 HIGH
OctoPrint - Authentication Bypass via Brute Force
CVSS 7.5
CVE-2022-35932 LOW
Nextcloud Talk <12.2.7, 13.0.7, 14.0.3 - Info Disclosure
CVSS 3.5
CVE-2022-2457 CRITICAL
Red Hat Process Automation Manager < 7.13.2 - Unauthenticated Brute Force Attack via Administration Console
CVSS 9.8
CVE-2022-35490 CRITICAL
Zammad 5.2.0 - Brute-Force Protection Bypass
CVSS 9.8
CVE-2022-31118 MEDIUM
Nextcloud <22.2.8, <23.0.5, <24.0.1 - Info Disclosure
CVSS 6.5
CVE-2022-35925 MEDIUM
BookWyrm < 0.4.5 - Unauthenticated Brute-Force Attack via Missing Rate Limiting
CVSS 5.3
CVE-2022-31234 HIGH
Dell EMC PowerStore < 3.0.0.0-1732745 - Unauthenticated Password Brute-Force via PowerStore Manager GUI
CVSS 8.1
CVE-2022-24689 MEDIUM
DSK DSKNet <2.17.136.5 - Info Disclosure
CVSS 5.3
CVE-2022-22452 HIGH
IBM Security Verify Identity Manager 10.0 - Info Disclosure
CVSS 7.5
CVE-2022-2321 CRITICAL
GitHub heroiclabs/nakama <3.13.0 - Auth Bypass
CVSS 9.8
CVE-2022-22496 MEDIUM
IBM Spectrum Protect Server <8.1.14 - Info Disclosure
CVSS 6.5
CVE-2022-22487 CRITICAL
IBM Spectrum Protect <8.1.14 - Auth Bypass
CVSS 9.8
CVE-2022-22485 CRITICAL
IBM Spectrum Protect Operations Center <8.1.14.000 - Info Disclosure
CVSS 9.8
CVE-2022-31273 CRITICAL
TopIDP3000 Topsec OS - Info Disclosure
CVSS 9.8
CVE-2022-28386 MEDIUM
Verbatim drives <2022-03-31 - Info Disclosure
CVSS 4.6
CVE-2022-28384 MEDIUM
Verbatim drives <2022-03-31 - Info Disclosure
CVSS 5.5