CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
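As an added example, not code from this page or from any product listed on it, the Python below sketches the control that CWE-307 describes as missing: a login path that counts failures per account and per source address, backs off exponentially with a cap, and derives the source key so that a client-supplied X-Forwarded-For header is honoured only behind a trusted reverse proxy (the bypass pattern in the limit-login-attempts-reloaded entry below). Assumptions: the proxy allowlist, the injected clock, PBKDF2 as a dependency-free stand-in for a production password hash, and the one-user store are all constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import ipaddress
import time
from dataclasses import dataclass, field
from typing import Callable


def _pw_hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the example dependency-free; iterations are lowered for the demo.
    # Production code would use argon2id or bcrypt at a tuned cost.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store for this example; not credentials from any product above.
_SALT = b"example-salt"
USERS = {"alice": _pw_hash("correct horse battery staple", _SALT)}


@dataclass
class Bucket:
    failures: int = 0
    locked_until: float = 0.0


@dataclass
class LoginThrottle:
    """Throttle keyed on both the account and the client address, with exponential backoff."""
    trusted_proxies: frozenset[str] = frozenset()   # assumed addresses of our own reverse proxies
    free_failures: int = 3                           # failures tolerated before the first lockout
    base_delay: float = 1.0                          # lock after the first excess failure, doubled each time
    max_delay: float = 900.0                         # cap at 15 minutes so lockout is not itself a DoS lever
    clock: Callable[[], float] = time.monotonic      # injected so the demo can advance time
    _by_account: dict[str, Bucket] = field(default_factory=dict, init=False)
    _by_source: dict[str, Bucket] = field(default_factory=dict, init=False)

    def client_ip(self, peer_ip: str, forwarded_for: str | None) -> str:
        """Source key for throttling. X-Forwarded-For is honoured only when the TCP peer
        is one of our proxies; trusting it from anyone lets an attacker pick a fresh
        throttle key per request."""
        if forwarded_for and peer_ip in self.trusted_proxies:
            hops = [h.strip() for h in forwarded_for.split(",")]
            for hop in reversed(hops):            # walk back past our own proxies
                if hop not in self.trusted_proxies:
                    ipaddress.ip_address(hop)     # raises ValueError on garbage
                    return hop
        return peer_ip

    def _blocked(self, bucket: Bucket) -> bool:
        return self.clock() < bucket.locked_until

    def _record_failure(self, bucket: Bucket) -> None:
        bucket.failures += 1
        excess = bucket.failures - self.free_failures
        if excess > 0:
            delay = min(self.base_delay * 2 ** (excess - 1), self.max_delay)
            bucket.locked_until = self.clock() + delay

    def attempt(self, username: str, password: str, peer_ip: str,
                forwarded_for: str | None = None) -> tuple[bool, str]:
        """Returns (authenticated, reason). 'reason' is for server-side logging only;
        the client should see one generic failure message for every unsuccessful outcome."""
        source = self.client_ip(peer_ip, forwarded_for)
        account = self._by_account.setdefault(username, Bucket())
        origin = self._by_source.setdefault(source, Bucket())
        if self._blocked(account) or self._blocked(origin):
            return False, "throttled"             # refused before the password is even checked
        stored = USERS.get(username)
        # Hash even for unknown users so response time does not reveal which names exist.
        candidate = _pw_hash(password, _SALT)
        if stored is not None and hmac.compare_digest(candidate, stored):
            account.failures = 0
            return True, "ok"
        self._record_failure(account)
        self._record_failure(origin)
        return False, "invalid"


def demo() -> dict:
    """Scripted run against a fake clock; returns the observations described in the comments."""
    fake = {"t": 0.0}
    throttle = LoginThrottle(trusted_proxies=frozenset({"10.0.0.1"}), clock=lambda: fake["t"])
    out = {}
    # Five wrong passwords in a burst: three tolerated, the fourth arms a 1 s lock, the fifth is refused.
    out["burst"] = [throttle.attempt("alice", "wrong", "203.0.113.5")[1] for _ in range(5)]
    # A spoofed X-Forwarded-For from an untrusted peer does not buy a new throttle key ...
    out["spoofed_key"] = throttle.client_ip("203.0.113.5", "198.51.100.9")
    # ... while the same header arriving through our proxy does identify the real client.
    out["proxied_key"] = throttle.client_ip("10.0.0.1", "198.51.100.9")
    # The per-account lock also holds for a genuinely new source address.
    out["new_source"] = throttle.attempt("alice", "wrong", "198.51.100.77")[1]
    # Once the lock expires the right password still works.
    fake["t"] = 1.0
    out["after_wait"] = throttle.attempt("alice", "correct horse battery staple", "203.0.113.5")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats the entries below illustrate. Per-account lockout is itself a denial-of-service lever (the Siemens SSH and FX Aggregator entries are lockout-as-DoS), which is why the delay is capped and the source bucket shares the load rather than a permanent account freeze. And the reason string must stay server-side: telling the client "throttled" versus "invalid" confirms that an account exists and that a lock is armed, which feeds both enumeration and timing of the next attempt.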
586 vulnerabilities with CWE-307 (25 listed below)

CVE | Severity | CVSS | Title
CVE-2021-31646 | CRITICAL | 9.8 | gestsup < 3.2.10 - Account Takeover via Weak Password Recovery Token
CVE-2021-29648 | MEDIUM | 5.5 | Linux Kernel < 5.11.11 - Denial of Service via Uninitialized BTF Data Access
CVE-2021-28248 | HIGH | 7.5 | CA eHealth Performance Manager < 6.3.2.12 - Auth Bypass
CVE-2021-25676 | HIGH | 7.5 | Siemens RUGGEDCOM RM1224, SCALANCE M-800, S615, SC-600 - Denial of Service via SSH Authentication Attempts
CVE-2021-25309 | CRITICAL | 9.8 | Gigaset DX600A v41.00-175 - Weak Password Requirements and Brute-Force Vulnerability via Telnet Administrator Service
CVE-2021-27514 | CRITICAL | 9.8 | EyesOfNetwork < 5.3-10 - Auth Bypass
CVE-2021-27188 | HIGH | 7.5 | Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - DoS via Excessive Authentication Attempts
CVE-2021-20635 | MEDIUM | 6.5 | LOGITEC LAN-WH450N/GR - Info Disclosure
CVE-2021-3138 | HIGH | 7.5 | Discourse 2.7.0-beta1 - Two-Factor Authentication Bypass via Rate-Limit Bypass
CVE-2021-1311 | MEDIUM | 5.4 | Cisco Webex Meetings < 40.12.0 and Webex Meetings Server < 3.0 - Authenticated Host Role Takeover via Brute Force
CVE-2020-37228 | CRITICAL | 9.8 | iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass
CVE-2020-21238 | CRITICAL | 9.8 | CSCMS 4.0 - Unauthenticated Account Hijacking via Brute Force Attack
CVE-2020-21237 | CRITICAL | 9.8 | 8cms/ljcms 1.11 - Unauthenticated Account Hijacking via Brute Force Attack
CVE-2020-18698 | CRITICAL | 9.8 | Lin-CMS-Flask 0.1.1 - Unauthenticated Brute Force Attack via Login Function
CVE-2020-23283 | HIGH | 7.5 | MV's mConnect < v02.001.00 - Info Disclosure
CVE-2020-26556 | HIGH | 7.5 | Bluetooth Mesh < 1.0.1 - Privilege Escalation
CVE-2020-4891 | MEDIUM | 5.5 | IBM Spectrum Scale 5.0.0-5.0.5.5 and 5.1.0-5.1.0.2 - Brute Force Attack via Inadequate Account Lockout
CVE-2020-35565 | CRITICAL | 9.8 | MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 < 2.6.2 - Unauthenticated Brute Force Attack via Login Page
CVE-2020-35586 | HIGH | 7.5 | Solstice Pod < 3.0.3 - Unauthenticated Administrator Password Brute-Force via Open Control API
CVE-2020-35585 | HIGH | 7.5 | Solstice Pod < 3.3.0 - Unauthenticated Screen Key Brute-Force via Open Control API
CVE-2020-25196 | CRITICAL | 9.8 | MOXA NPort IAW5000A-I/O Firmware < 2.1 - Unauthenticated Brute Force Authentication Bypass via SSH/Telnet
CVE-2020-35590 | CRITICAL | 9.8 | limit-login-attempts-reloaded < 2.17.4 - Rate Limit Bypass via X-Forwarded-For Header Spoofing
CVE-2020-28206 | MEDIUM | 6.5 | Bitrix Framework 20.0 - User Enumeration & Authentication Brute-Force in Admin Login
CVE-2020-29136 | MEDIUM | 6.5 | cPanel < 11.86.0.32 - Two-Factor Authentication Bypass via Brute-Force Attack
CVE-2020-29042 | LOW | 3.7 | BigBlueButton < 2.2.29 - Unauthenticated Brute-Force Attack via Meeting Access Code