CWE-307

Improper Restriction of Excessive Authentication Attempts

Parent: CWE-1390 - Weak Authentication

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

586 vulnerabilities with CWE-307
CVE-2025-25595 (CRITICAL, CVSS 9.8): Safe App a3.0.9 - Authentication Bypass via Brute Force Attack
CVE-2025-1714 (MEDIUM): Perforce Gliffy <4.14.0-7 - Info Disclosure
CVE-2025-23368 (HIGH, CVSS 8.1): Wildfly Core < 31.0.3 & Elytron 32.0.0.Beta1-3 - CLI Auth Brute Force
CVE-2025-1629 (LOW, CVSS 3.5): my Excitel App 3.13.0 - Improper Restriction of Excessive Authentication Attempts in One-Time Password Handler
CVE-2025-24806 (LOW): Authelia < 4.38.19 - Improper Restriction of Excessive Authentication Attempts
CVE-2025-22645 (MEDIUM, CVSS 5.3): Rameez Iqbal Real Estate Manager <7.3 - Auth Bypass
CVE-2024-49342 (HIGH, CVSS 7.5): IBM Informix Dynamic Server 12.10 and 14.10 - Brute Force Attack via Inadequate Account Lockout
CVE-2024-9342 (CRITICAL, CVSS 9.8): Eclipse GlassFish <= 7.0.16 - Unauthenticated Login Brute Force
CVE-2024-12039 (HIGH, CVSS 8.1): Dify v0.10.1 - Unauthenticated Password Reset Code Brute-Force
CVE-2024-42176 (LOW, CVSS 2.6): HCL MyXalytics - Concurrent Login Vulnerability
CVE-2024-51476 (HIGH, CVSS 7.5): IBM Concert Software 1.0.5 - Improper Restriction of Excessive Authentication Attempts
CVE-2024-57610 (HIGH, CVSS 7.5): Sylius v2.0.2 - Unrestricted Brute-Force Attack via Missing Rate Limiting
CVE-2024-23106 (HIGH, CVSS 8.1): FortiClientEMS 7.2.0-7.2.4 and < 7.0.10 - Unauthenticated Brute Force Attack via HTTP/HTTPS Requests
CVE-2024-55008 (HIGH, CVSS 7.5): JATOS 3.9.4 - Denial of Service via Account Lockout Mechanism
CVE-2024-53647 (MEDIUM, CVSS 6.5): Trend Micro ID Security < 3.0 - Denial of Service via Unlimited Email Verification Requests
CVE-2024-8429 (MEDIUM, CVSS 4.3): WiFiBurada < 1.0.5 - Use of Known Domain Credentials via Excessive Authentication Attempts
CVE-2024-38488 (MEDIUM, CVSS 6.5): Dell RecoverPoint for Virtual Machines 6.0.x - Auth Bypass
CVE-2024-45404 (HIGH, CVSS 8.1): OpenCTI <6.2.18 - Privilege Escalation
CVE-2024-46442 (CRITICAL, CVSS 9.8): BYD Dilink Headunit System 3.0-4.0 - Auth Bypass
CVE-2024-9928 (MEDIUM, CVSS 5.3): Hitachi Energy NSD570 Teleprotection Equipment 1.0-<1.20 - Brute-Force Attack via Unrestricted Login Attempts
CVE-2024-49597 (HIGH, CVSS 7.6): Dell Wyse Management Suite <4.4 - Privilege Escalation
CVE-2024-5716 (CRITICAL, CVSS 9.8): Logsign Unified SecOps Platform 6.4.6-6.4.8 - Unauthenticated Authentication Bypass via Password Reset Mechanism
CVE-2024-0787 (MEDIUM, CVSS 5.9): phpipam < 1.7.0 - Unauthenticated Brute Force Attack via X-Forwarded-For Header
CVE-2024-9832 (CRITICAL, CVSS 9.3): Clinician Password - Info Disclosure
CVE-2024-51720 (MEDIUM, CVSS 4.8): SecuSUITE <5.0.420 - Privilege Escalation