CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2020-4193
CRITICAL
IBM Security Guardium 11.1 - Inadequate Account Lockout Setting
CVSS 9.8
CVE-2020-4232
HIGH
IBM Security Identity Governance and Intelligence 5.2.6 - Username Enumeration via Excessive Authentication Attempts
CVSS 7.5
CVE-2020-12752
HIGH
Samsung mobile devices P9.0-Q10.0 - Info Disclosure
CVSS 7.5
CVE-2020-11052
HIGH
Sorcery < 0.15.0 - Brute Force Protection Bypass via Expired Lockout
CVSS 8.3
CVE-2020-8790
CRITICAL
OKLOK 3.1.1 - Weak Password Requirements and Brute Force Vulnerability
CVSS 9.8
CVE-2020-10876
HIGH
OKLOK 3.1.1 - Insufficient Session Expiration via Verification Code Brute Force
CVSS 7.5
CVE-2020-11650
HIGH
iXsystems FreeNAS and TrueNAS 11.2-11.2-u8 and 11.3-11.3-U1 - Denial of Service via Authentication Message Flood
CVSS 7.5
CVE-2020-8827
HIGH
Argo CD < 1.5.0 - Unauthenticated Excessive Authentication Attempts
CVSS 7.5
CVE-2020-1616
MEDIUM
Juniper Advanced Threat Prevention and Virtual JATP < 5.0.6.0 - Unauthenticated Excessive Authentication Attempts
CVSS 5.3
CVE-2020-6852
CRITICAL
CACAGOO TV-288ZD-2MP Firmware 3.4.2.0919 - Unauthenticated Root Access via TELNET
CVSS 9.8
CVE-2020-10849
CRITICAL
Samsung mobile devices O(8.x)-Q(10.0) - Privilege Escalation
CVSS 9.8
CVE-2020-7995
CRITICAL
Dolibarr 10.0.6 - Unauthenticated Login Brute-Force via Unrestricted Authentication Attempts
CVSS 9.8
CVE-2020-7057
MEDIUM
Hikvision DS-7204HGHI-F1 Firmware - User Enumeration via Login Response Discrepancy
CVSS 5.3
CVE-2019-18235
CRITICAL
Advantech Spectre RT ERT351 Firmware <= 5.1.3 - Unauthenticated Brute-Force Login
CVSS 9.8
CVE-2019-20031
CRITICAL
NEC UM8000 and UM4730 - Unauthenticated Brute Force via Telephone User Interface
CVSS 9.1
CVE-2019-20881
HIGH
Mattermost Server < 5.8.0 - Improper Restriction of Excessive Authentication Attempts
CVSS 7.3
CVE-2019-17525
HIGH
D-Link DIR-615 T1 20.10 - Unauthenticated CAPTCHA Bypass via Login Page
CVSS 8.8
CVE-2019-4393
CRITICAL
HCL AppScan Standard < 10.0.0 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2019-18917
MEDIUM
HP Printers & All-in-Ones - Auth Bypass
CVSS 6.5
CVE-2019-14299
CRITICAL
Ricoh SP C250DN <1.05 - Auth Bypass
CVSS 9.8
CVE-2019-13166
HIGH
Xerox Phaser 3320 Firmware V53.006.16.000 - Unauthenticated Brute Force Attack via Missing Account Lockout
CVSS 7.5
CVE-2019-15577
MEDIUM
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthorized Information Disclosure via Groups Browsing
CVSS 4.3
CVE-2019-18261
CRITICAL
Omron PLC CS, CJ, and NJ Firmware - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2019-16670
CRITICAL
Weidmueller IE-SW-PL09M-5GC-4GT Firmware < 3.3.4 - Improper Restriction of Excessive Authentication Attempts
CVSS 9.8
CVE-2019-5309
MEDIUM
Honor play <9.1.0.333 - Info Disclosure
CVSS 4.6