CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
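The weakness in practice, as an added example that is not code from the CWE page or from any product listed on it: a Python login handler with no throttling (the CWE-307 shape) next to one that locks the account with exponential backoff and rate-limits the calling address. The user store, the account name alice, the limits, the injected clock and the address 203.0.113.7 are all constructed for the demo.

```python
"""Added example: an unthrottled login handler (CWE-307) beside a throttled one.
All names, limits and the user store are hypothetical constructions."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed user store. PBKDF2 iterations are lowered so the demo runs fast;
# real deployments use a far higher count or Argon2/scrypt.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 1_000
_USERS: Dict[str, bytes] = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", _SALT, _ITERATIONS),
}


def check_password(user: str, password: str) -> bool:
    """Hash the candidate before the lookup so unknown and known usernames cost
    about the same time (no user enumeration via timing)."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    stored = _USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, candidate)


def login_unthrottled(user: str, password: str) -> bool:
    """CWE-307: the password itself is the only obstacle to a brute-force attack."""
    return check_password(user, password)


@dataclass
class ThrottledLogin:
    """Per-account lockout with exponential backoff plus a per-address sliding
    window. The clock is passed in by the caller, so tests need not sleep."""
    max_failures: int = 5        # failures before the first lockout
    base_lockout: float = 30.0   # seconds; doubles on each further lockout
    max_lockout: float = 3600.0  # cap on the backoff
    ip_window: float = 60.0      # sliding window for the per-address limit
    ip_limit: int = 20           # attempts per address per window
    # user -> [failures since last lockout, locked_until, lockouts so far]
    _acct: Dict[str, List] = field(default_factory=dict)
    _ip: Dict[str, List[float]] = field(default_factory=dict)  # ip -> attempt times

    def login(self, user: str, password: str, ip: str, now: float) -> str:
        """Returns 'ok', 'bad_credentials', 'locked' or 'rate_limited'."""
        # 1. Per-address budget first: spraying one guess across many accounts
        #    never trips a per-account lockout, but it does exhaust this.
        hits = [t for t in self._ip.get(ip, []) if now - t < self.ip_window]
        hits.append(now)
        self._ip[ip] = hits
        if len(hits) > self.ip_limit:
            return "rate_limited"
        # 2. Per-account lockout, checked before the password is looked at: while
        #    locked, the right password is refused too, so the oracle stops
        #    answering. Unknown usernames are tracked the same way as real ones.
        failures, locked_until, lockouts = self._acct.get(user, [0, 0.0, 0])
        if now < locked_until:
            return "locked"
        if check_password(user, password):
            self._acct[user] = [0, 0.0, 0]  # counters reset only on success
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            delay = min(self.base_lockout * (2 ** lockouts), self.max_lockout)
            self._acct[user] = [0, now + delay, lockouts + 1]
        else:
            self._acct[user] = [failures, locked_until, lockouts]
        return "bad_credentials"

    def lockout_ends(self, user: str) -> float:
        """Timestamp at which the account's current lockout expires (0.0 if none)."""
        return self._acct.get(user, [0, 0.0, 0])[1]


def simulate(guesses: List[str], handler: Optional[ThrottledLogin],
             ip: str = "203.0.113.7", step: float = 0.5) -> Tuple[Dict[str, int], bool]:
    """Feed guesses against 'alice' one every `step` seconds; handler=None uses
    the unthrottled path. Returns outcome counts and whether a guess got in."""
    counts = {"ok": 0, "bad_credentials": 0, "locked": 0, "rate_limited": 0}
    for i, guess in enumerate(guesses):
        now = 1_000_000.0 + i * step
        if handler is None:
            outcome = "ok" if login_unthrottled("alice", guess) else "bad_credentials"
        else:
            outcome = handler.login("alice", guess, ip, now)
        counts[outcome] += 1
        if outcome == "ok":
            return counts, True
    return counts, False


if __name__ == "__main__":
    wordlist = [f"password{n}" for n in range(40)] + ["correct horse battery staple"]
    print("unthrottled:", simulate(wordlist, None))
    print("throttled:  ", simulate(wordlist, ThrottledLogin()))
```

With a 41-word list fed at two guesses a second, the unthrottled handler evaluates every guess and accepts the last one; the throttled handler answers five guesses, then reports the account locked, then stops answering the address at all, and the correct password is never reached. Two caveats a reviewer would raise: a lockout is also an availability lever (whoever knows a username can keep it locked, which is why the per-address limit, notification and step-up challenges are layered on top rather than relying on lockout alone), and the counter must be shared by every authentication path the product exposes. Several titles in the list below describe brute force against a secondary credential or channel (a mobile PIN, a ticket ID, a trustlet interface), which is the usual shape of a lockout that guards the login form but not the other door.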

586 vulnerabilities with CWE-307
CVE ID           Severity  CVSS  Title
CVE-2020-28212   CRITICAL  9.8   EcoStruxure Control Expert - Unauthenticated Brute Force Attack via Modbus
CVE-2020-27423   HIGH      7.5   Anuko Time Tracker <1.19.23.5311 - DoS
CVE-2020-27747   MEDIUM    6.8   Click Studios Passwordstate 8.9 Build 8973 - Unauthenticated Brute Force Attack via Mobile PIN Code
CVE-2020-15906   CRITICAL  9.8   Tiki 16.3-21.1 - Authentication Bypass via Excessive Login Attempts
CVE-2020-5141    MEDIUM    6.5   SonicOS < 5.9.1.13, < 6.5.4.4 - Unauthenticated Brute Force via Virtual Assist Ticket ID
CVE-2020-8228    MEDIUM    5.3   Preferred Providers app 1.7.0 - Info Disclosure
CVE-2020-25827   HIGH      7.5   MediaWiki < 1.31.10 and 1.32.x-1.34.x < 1.34.4 - Improper Restriction of Excessive Authentication Attempts
CVE-2020-15770   MEDIUM    5.5   Gradle Enterprise 2018.5 - Improper Restriction of Excessive Authentication Attempts
CVE-2020-13312   MEDIUM    6.5   GitLab <13.1.10-13.3.4 - Auth Bypass
CVE-2020-15786   CRITICAL  9.8   SIMATIC HMI Panels <= V16 - Brute-Force Attack via Sm@rt Server
CVE-2020-7525    HIGH      7.5   Schneider Electric spaceLYnk and Wiser for KNX Firmware < 2.5.1 - Unauthenticated Password Brute-Force
CVE-2020-12645   CRITICAL  9.8   OX App Suite 7.10.1-7.10.3 - Info Disclosure
CVE-2020-13617   HIGH      7.5   Mitel MiVoice 6800/6900 SIP Phones <5.1.0.SP5 - Unauthenticated Sensitive Info Exposure
CVE-2020-24007   CRITICAL  9.8   Umanni RH 1.0 - Unauthenticated Brute-Force Authentication Attack via Login Page
CVE-2020-8202    MEDIUM    5.3   Nextcloud Preferred Providers <1.6.0 - DoS
CVE-2020-4567    CRITICAL  9.8   IBM Security Key Lifecycle Manager 3.0.1 and 4.0 - Brute Force Attack via Inadequate Account Lockout
CVE-2020-4400    HIGH      7.5   IBM Verify Gateway 1.0.0 and 1.0.1 - Inadequate Account Lockout Setting
CVE-2020-14494   CRITICAL  9.8   OpenClinic GA 5.09.02 and 5.89.05b - Improper Authentication
CVE-2020-14484   CRITICAL  9.8   OpenClinic GA 5.09.02 and 5.89.05b - Account Lockout Bypass
CVE-2020-10285   CRITICAL  9.8   xArm 5 Lite Firmware < 1.5.0 - Insufficient Entropy in Authentication
CVE-2020-15367   CRITICAL  9.8   Venki Supravizio BPM 10.1.2 - Auth Bypass
CVE-2020-7508    CRITICAL  9.8   Easergy T300 Firmware <= 1.5.2 - Unauthenticated Brute Force Attack
CVE-2020-13872   HIGH      8.8   Royal TS < 5.0 - Authentication Bypass via Brute-Force Attack
CVE-2020-13835   CRITICAL  9.8   Samsung Android O(8.x) with TEEGRIS - Unauthenticated Brute-Force Attack on Gatekeeper Trustlet
CVE-2020-13805   CRITICAL  9.8   Foxit Reader and PhantomPDF < 9.7.2 - Unauthenticated Brute-Force Attack via CAS Service