CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2021-38474
MEDIUM
InHand Networks IR615 Router <2.3.0.r4870 - Info Disclosure
CVSS 6.3
CVE-2021-36285
MEDIUM
Dell Latitude BIOS < 1.9.1 - Authenticated Brute Force Attack via NVMe Password Bypass
CVSS 5.7
CVE-2021-36284
MEDIUM
Dell Latitude BIOS < 1.9.1 - Authenticated Brute Force Attack via Admin Password Bypass
CVSS 5.7
CVE-2021-29842
MEDIUM
IBM WebSphere 7.0-9.0 & Liberty 17.0.0.3-21.0.0.9 Username Enumeration via Login Response
CVSS 5.3
CVE-2021-28911
CRITICAL
BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated Sensitive Data Exposure in /tmp Path
CVSS 9.8
CVE-2021-28909
CRITICAL
BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated Brute Force Attack via Login Service
CVSS 9.8
CVE-2021-38725
MEDIUM
Fuel CMS 1.5.0 - Brute Force Attack via Login Controller
CVSS 5.3
CVE-2021-22003
HIGH
VMware Workspace ONE Access and Identity Manager - User Enumeration and Brute Force via Port 7443 Login Interface
CVSS 7.5
CVE-2021-29987
MEDIUM
Firefox < 91.0 - Permission Panel Clickjacking via Overlapping UI
CVSS 6.5
CVE-2021-20427
HIGH
IBM Security Guardium 11.2 - Info Disclosure
CVSS 7.5
CVE-2021-38155
HIGH
OpenStack Keystone <16.0.2-19.0.1 - Info Disclosure
CVSS 7.5
CVE-2021-27943
HIGH
Vizio P65-F1 and E50x-E1 Firmware - Unauthenticated Brute-Force Pairing Attack
CVSS 7.5
CVE-2021-35472
HIGH
LemonLDAP::NG <2.0.12 - Auth Bypass
CVSS 8.8
CVE-2021-3663
HIGH
firefly-iii < 5.5.12 and grumpydictator/firefly-iii < 5.5.13 - Improper Restriction of Excessive Authentication Attempts
CVSS 7.5
CVE-2021-32705
MEDIUM
Nextcloud Server <19.0.13, 20.0.11, 21.0.3 - Info Disclosure
CVSS 5.3
CVE-2021-32703
MEDIUM
Nextcloud Server <19.0.13, 20.0.11, 21.0.3 - Info Disclosure
CVSS 5.3
CVE-2021-32678
LOW
Nextcloud Server <19.0.13, 20.0.11, 21.0.3 - Info Disclosure
CVSS 3.7
CVE-2021-20415
HIGH
IBM Guardium Data Encryption <4.0.0.4 - Info Disclosure
CVSS 7.5
CVE-2021-32522
CRITICAL
QSAN Storage Manager < 3.3.1, XEVO < 1.2.0, SANOS < 2.0.0 - Unauthenticated Credential Brute-Force
CVSS 9.8
CVE-2021-28127
HIGH
Stormshield Network Security - Improper Restriction of Excessive Authentication Attempts
CVSS 7.5
CVE-2021-22915
CRITICAL
Nextcloud <19.0.11, 20.0.10, 21.0.2 - DoS
CVSS 9.8
CVE-2021-33190
MEDIUM
Apache APISIX Dashboard <2.6.1 - Info Disclosure
CVSS 5.3
CVE-2021-3412
HIGH
3scale - Unauthenticated Brute Force Attack via Login Endpoint
CVSS 7.3
CVE-2021-22737
CRITICAL
Schneider Electric homeLYnk and spaceLYnk Firmware < 2.6.0 - Unauthenticated Brute Force Credential Discovery
CVSS 9.8
CVE-2021-29023
MEDIUM
InvoicePlane 1.5.11 - Weak Password Reset Token Generation and Missing Rate Limiting
CVSS 5.3