CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2022-30235 HIGH
Wiser Smart EER21000 and EER21001 < 4.5 - Unauthenticated Brute Force Attack
CVSS 8.6
CVE-2022-29084 HIGH
Dell Unity <5.2.0.0.5.173 - Info Disclosure
CVSS 8.1
CVE-2022-24044 HIGH
Siemens Desigo DXR2, PXC3, PXC4, PXC5 - Unauthenticated Password Spraying via Login Functionality
CVSS 7.5
CVE-2022-26519 MEDIUM
Hills ComNav <3002-19 - Auth Bypass
CVSS 5.5
CVE-2022-22561 HIGH
Dell PowerScale OneFS <9.3.0 - Auth Bypass
CVSS 8.1
CVE-2022-25820 MEDIUM
Android - Improper Restriction of Excessive Authentication Attempts via Fingerprint Matching Algorithm
CVSS 4.2
CVE-2022-26314 CRITICAL
Mendix Forgot Password Appstore - Info Disclosure
CVSS 9.8
CVE-2022-22810 CRITICAL
Schneider Electric spaceLYnk, Wiser for KNX, fellerLYnk <2.6.2 - Auth Brute-Force
CVSS 9.8
CVE-2022-22553 HIGH
Dell EMC AppSync 3.9-4.3 - Auth Bypass
CVSS 8.1
CVE-2021-22530 HIGH
NetIQ Advance Authentication <6.3.5.1 - Info Disclosure
CVSS 8.2
CVE-2021-27782 MEDIUM
HCL BigFix Mobile - Info Disclosure
CVSS 5.4
CVE-2021-22640 HIGH
Ovarro TBox < 1.46 - Insufficiently Protected Credentials via Communication Capture
CVSS 7.5
CVE-2021-43958 CRITICAL
Fisheye/Crucible <4.8.9 - Auth Bypass
CVSS 9.8
CVE-2021-22818 HIGH
EVlink <R8 V3.4.0.2 - Info Disclosure
CVSS 7.5
CVE-2021-43298 CRITICAL
GoAhead < 5.1.4 - Unauthenticated Password Brute-Force via Timing Attack
CVSS 9.8
CVE-2021-41807 HIGH
M-Files Server and Web < 21.12.10873.0 - Unauthenticated Brute-Force Attack via Missing Rate Limiting
CVSS 7.5
CVE-2021-36750 HIGH
ENC DataVault < 7.2 and VaultAPI < 67.0 - Weak Password Hashing
CVSS 8.1
CVE-2021-37934 CRITICAL
Huntflow Enterprise < 3.10.14 - Unauthenticated Brute-Force Attack via Login Endpoint
CVSS 9.8
CVE-2021-42544 HIGH
TopEase <= 7.1.27 - Unauthenticated Excessive Authentication Attempts via Login Form
CVSS 7.5
CVE-2021-38890 HIGH
IBM Sterling Connect:Direct Web Services - Info Disclosure
CVSS 7.5
CVE-2021-41435 CRITICAL
ASUS GT-AX11000 and Multiple Router Models < 3.0.0.4.386.45898 - Brute-Force Protection Bypass via CAPTCHA HTTP Request
CVSS 9.8
CVE-2021-44033 MEDIUM
Ionic Identity Vault < 5.0.5 - PIN Unlock Lockout Bypass
CVSS 6.8
CVE-2021-33209 MEDIUM
Fimer Aurora Vision <2.97.10 - Info Disclosure
CVSS 5.3
CVE-2021-41171 MEDIUM
elabftw < 4.1.0 - Brute-Force Protection Bypass via PHPSESSID Manipulation
CVSS 5.9
CVE-2021-42096 MEDIUM
GNU Mailman < 2.1.35 - Privilege Escalation via CSRF Token Brute-Force Attack
CVSS 4.3