CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2019-5263
MEDIUM
HiSuite <9.1.0.305 - Info Disclosure
CVSS 5.5
CVE-2019-18986
HIGH
pimcore < 6.2.2 - Username Enumeration via Forgot Password Distinct Error Messages
CVSS 7.5
CVE-2019-18985
CRITICAL
pimcore < 6.2.2 - Unauthenticated Excessive Authentication Attempts
CVSS 9.8
CVE-2019-12941
CRITICAL
AutoPi Wi-Fi/NB and 4G/LTE Firmware < 2019-10-15 - Unauthenticated Brute-Force Attack via WiFi Password Derivation
CVSS 9.8
CVE-2019-17240
CRITICAL
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
CVSS 9.8
CVE-2019-17215
CRITICAL
V-Zug Combi-Steam MSLQ Firmware < ethernet_r07 - Unauthenticated Brute Force Attack via Missing Lockout Mechanism
CVSS 9.8
CVE-2019-4520
HIGH
IBM Security Directory Server 6.4.0 - Info Disclosure
CVSS 7.5
CVE-2019-3766
CRITICAL
Dell EMC Elastic Cloud Storage < 3.4.0.0 - Unauthenticated Password Brute-Force via Excessive Authentication Attempts
CVSS 9.8
CVE-2019-3746
HIGH
Dell EMC Integrated Data Protection Appliance < 2.3 - Excessive Authentication Attempts
CVSS 8.8
CVE-2019-13918
CRITICAL
SINEMA Remote Connect Server < V2.0 SP1 - Info Disclosure
CVSS 9.8
CVE-2019-5035
CRITICAL
Nest Cam IQ Indoor <4620002 - Info Disclosure
CVSS 9.0
CVE-2019-4310
HIGH
IBM Security Guardium Big Data Intelligence 4.0 - Info Disclosure
CVSS 7.5
CVE-2019-14951
HIGH
Telenav Scout GPS Link 1.0.4-1.0.108 - Brute-Force Attack via Port 7050
CVSS 7.5
CVE-2019-14351
HIGH
EspoCRM 5.6.4 - Authenticated Password Hash Enumeration via FilterList API
CVSS 8.8
CVE-2019-1126
MEDIUM
Active Directory Federation Services - Auth Bypass
CVSS 5.3
CVE-2019-4336
CRITICAL
IBM Robotic Process Automation <11 - Privilege Escalation
CVSS 9.8
CVE-2019-4068
HIGH
IBM Intelligent Operations Center 5.1.0-5.2.0 - User Enumeration via Brute Force
CVSS 7.5
CVE-2019-5217
MEDIUM
Huawei Mate 9 Pro <LON-AL00B9.0.1.150 - Info Disclosure
CVSS 4.6
CVE-2019-0039
HIGH
Junos OS < 14.1x53-d49 - Unauthenticated Brute Force Attack via REST API
CVSS 8.1
CVE-2019-5421
CRITICAL
Plataformatec Devise <4.5.0 - Info Disclosure
CVSS 9.8
CVE-2019-6524
CRITICAL
Moxa IKS-G6824A <4.5 & EDS-405A/408A/510A <3.8 - Unauthenticated Password Discovery via Brute Force
CVSS 9.8
CVE-2018-19879
HIGH
Teltonika RTU9XX <R_31.04.89 - Auth Bypass
CVSS 7.1
CVE-2018-19021
MEDIUM
Emerson DeltaV < R6 - Denial of Service via Maintenance Port Authentication Bypass
CVSS 6.5
CVE-2018-19548
CRITICAL
EduSec <= 4.2.6 - Unauthenticated Brute-Force Attack via Login Endpoint
CVSS 9.8
CVE-2018-15759
CRITICAL
Pivotal Cloud Foundry On Demand Services SDK < 0.24.0 - Credential Brute-Force via Excessive Authentication Attempts
CVSS 9.1