CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
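The entries below show the three ways this weakness usually surfaces in practice: a login handler that verifies every guess and counts none of them (the brute-force entries), a counter that lives on the route rather than on the authentication code path so an alternate HTTP method walks around it (the MISP entry), and the over-correction where a hard lockout lets an attacker lock a privileged account such as root out of its own system (the Junos entry). The following Python is an added example written for this page, not code from any of the listed products: the unthrottled shape beside a throttled one that keys failures on both the account and the source address, applies bounded exponential backoff instead of a permanent lockout, and does the same password-hashing work for unknown usernames so the response does not enumerate accounts. The credential store, the guess list, the addresses and all class and function names are constructed for the demonstration; the window, free-failure and delay parameters are illustrative values, not a recommendation from the page.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed demo credential store (example data, not from the page).
_SALT = b"constructed-demo-salt"


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


USERS = {"alice": _derive("correct horse battery", _SALT)}
# Unknown usernames are compared against a dummy hash so they cost the same
# work as real ones; the response time then does not reveal which names exist.
_DUMMY = _derive("not-a-real-password", _SALT)


def verify_password(username: str, password: str) -> bool:
    """Constant-work, constant-time credential check shared by both handlers."""
    stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(stored, _derive(password, _SALT))
    return ok and username in USERS


class NaiveLogin:
    """The CWE-307 shape: every attempt is verified, none is counted."""

    def attempt(self, username, password, source, now):
        return ("ok" if verify_password(username, password) else "bad"), 0.0


class ThrottledLogin:
    """Sliding-window failure counting with bounded exponential backoff.

    Failures are keyed on the account AND on the source, so neither spreading
    guesses over many usernames nor rotating source addresses resets the count.
    The backoff is capped rather than a permanent lockout, so bad passwords
    alone cannot lock a privileged account out indefinitely.
    """

    def __init__(self, window=300.0, free_failures=3, base_delay=1.0, max_delay=600.0):
        self.window = window              # seconds a failure stays in the count
        self.free_failures = free_failures  # failures allowed before any delay
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.not_before = {}                # key -> earliest time of the next attempt

    @staticmethod
    def _keys(username, source):
        return (("user", username.lower()), ("src", source))

    def retry_after(self, username, source, now):
        """Seconds to wait before an attempt will be evaluated (0.0 if none)."""
        wait = max(self.not_before.get(k, 0.0) - now for k in self._keys(username, source))
        return max(wait, 0.0)

    def _record_failure(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        q.append(now)
        excess = len(q) - self.free_failures
        if excess > 0:
            delay = min(self.max_delay, self.base_delay * 2 ** (excess - 1))
            self.not_before[key] = now + delay

    def attempt(self, username, password, source, now):
        """Return (status, retry_after_seconds), status in {"ok", "bad", "throttled"}.

        The check sits in the only authentication code path, so a different
        HTTP method or route cannot reach the password comparison around it.
        """
        wait = self.retry_after(username, source, now)
        if wait > 0:
            # Refuse before looking at the password: a throttled request leaks
            # nothing about whether the guess was right.
            return "throttled", wait
        if verify_password(username, password):
            for key in self._keys(username, source):
                self.failures.pop(key, None)
                self.not_before.pop(key, None)
            return "ok", 0.0
        for key in self._keys(username, source):
            self._record_failure(key, now)
        return "bad", self.retry_after(username, source, now)


# Constructed guess list: nine wrong passwords, then the right one.
GUESSES = ["password", "123456", "qwerty", "letmein", "alice", "alice123",
           "welcome", "admin", "passw0rd", "correct horse battery"]


def simulate(handler, guesses, username="alice", source="198.51.100.7"):
    """Replay guesses one second apart; return (guesses actually evaluated,
    whether the final correct guess got through)."""
    evaluated, last = 0, None
    for t, pw in enumerate(guesses):
        last, _ = handler.attempt(username, pw, source, now=float(t))
        if last != "throttled":
            evaluated += 1
    return evaluated, last == "ok"


if __name__ == "__main__":
    print("naive:    ", simulate(NaiveLogin(), GUESSES))      # (10, True)
    print("throttled:", simulate(ThrottledLogin(), GUESSES))  # (6, False)
```

With the defaults, the naive handler evaluates all ten guesses and the correct one succeeds; the throttled handler evaluates six, the delays grow 1, 2, 4 seconds after the third failure, and the correct guess arriving at second nine is refused unread. A real deployment would persist the counters in shared storage rather than in process memory, and would apply the same logic to every credential-bearing entry point (API tokens, MFA codes, CardDAV or guest portals), since an unthrottled secondary endpoint is exactly what several of the entries below describe.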

586 vulnerabilities with CWE-307 (25 listed here)

CVE-2018-14657 [HIGH, CVSS 8.1]: Keycloak 4.2.1.Final, 4.3.0.Final - Improper Restriction of Excessive Authentication Attempts
CVE-2018-11082 [MEDIUM, CVSS 6.6]: Cloud Foundry UAA < 4.20.0 and UAA Release < 61.0 - Unauthenticated MFA Brute Force
CVE-2018-16703 [MEDIUM, CVSS 5.3]: Gleez CMS 1.2.0 - Unauthenticated User Enumeration and Brute-Force Attack via Login Page
CVE-2018-12993 [CRITICAL, CVSS 9.8]: OneFileCMS < 2012-04-14 - Brute-Force Attack via Username and Password Fields
CVE-2018-12649 [CRITICAL, CVSS 9.8]: MISP 2.4.92 - Brute-Force Protection Bypass via PUT HTTP Method
CVE-2018-1475 [CRITICAL, CVSS 9.8]: IBM BigFix < 9.5 - Privilege Escalation
CVE-2018-5469 [CRITICAL, CVSS 9.8]: Belden Hirschmann - Info Disclosure
CVE-2018-1373 [HIGH, CVSS 7.5]: IBM Security Guardium Big Data Intelligence < 3.1 - Info Disclosure
CVE-2017-16900 [MEDIUM, CVSS 5.5]: Hunesion i-oneNet < 3.0.6042.1200 - Info Disclosure
CVE-2017-12316 [HIGH, CVSS 7.5]: Cisco Identity Services Engine - Unauthenticated Brute-Force Password Attack via Guest Portal Login Page
CVE-2017-15887 [CRITICAL, CVSS 9.8]: Synology CardDAV Server < 6.0.7-0085 - Unauthenticated Brute-Force Attack via /principals
CVE-2017-14423 [HIGH, CVSS 7.5]: D-Link DIR-850L < FW114WWb07_h2ab_beta1 - Info Disclosure
CVE-2017-7673 [CRITICAL, CVSS 9.8]: Apache OpenMeetings 1.0.0 - Info Disclosure
CVE-2017-10604 [MEDIUM, CVSS 5.3]: Junos OS 12.1X46 < D65, 12.3X48 < D45, 15.1X49 < D75 - Unauthenticated Root Account Lockout via Failed Login Attempts
CVE-2017-11187 [CRITICAL, CVSS 9.8]: phpMyFAQ < 2.9.7 - Improper Restriction of Excessive Authentication Attempts
CVE-2017-7898 [CRITICAL, CVSS 9.8]: Rockwell Automation 1763-L16AWA Series A < 16.000 - Brute Force
CVE-2017-1197 [CRITICAL, CVSS 9.8]: IBM BigFix Compliance - Info Disclosure
CVE-2017-7915 [CRITICAL, CVSS 9.8]: Moxa OnCell G3110-HSPA Firmware < 1.3 - Brute Force
CVE-2016-9124 [CRITICAL, CVSS 9.8]: Revive Adserver < 3.2.3 - Auth Bypass
CVE-2016-9366 [CRITICAL, CVSS 9.8]: Moxa NPort (various versions) - Path Traversal
CVE-2016-9361 [CRITICAL, CVSS 9.8]: Moxa UDP Device Discovery
CVE-2015-20110 [HIGH, CVSS 7.5]: JHipster < 2.23.0 - Timing Attack via Token Validation
CVE-2014-2875 [MEDIUM, CVSS 6.1]: CGILua 5.2 alpha 1-2 - Session Hijacking via Weak Session ID Generation
CVE-2014-5414 [CRITICAL, CVSS 9.1]: Beckhoff Embedded PC Images < 2014-10-22 and TwinCAT ADS Components - Unauthenticated Brute-Force Authentication Bypass
CVE-2013-10004 [MEDIUM, CVSS 6.5]: Telecomsoftware SAMwin Contact Center Suite 5.1 - Predictable Authentication via SAMwinLIBVB.dll Password Handler