CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2024-11126
LOW
Digistar AG-30 Plus 2.6b - Auth Bypass
CVSS 3.1
CVE-2024-47592
MEDIUM
SAP NetWeaver AS Java - Info Disclosure
CVSS 5.3
CVE-2024-51558
CRITICAL
63moons Wave 2.0 < 1.1.7 - Unauthenticated Brute Force Attack via API Login
CVSS 9.8
CVE-2024-48143
CRITICAL
Digitory Multi Channel Integrated POS v1.0 - Info Disclosure
CVSS 9.1
CVE-2024-7292
HIGH
Progress Telerik Report Server < 10.2.24.806 - Credential Stuffing via Excessive Login Attempts
CVSS 7.5
CVE-2024-47656
CRITICAL
Shilpi Client Dashboard - Auth Bypass
CVSS 9.8
CVE-2024-41276
CRITICAL
Kaiten <= 57.131.12 - Unauthenticated Brute Force Attack via PIN Code Bypass
CVSS 9.8
CVE-2024-47088
CRITICAL
Apex Softcell LD Geo < 4.0.0.7 and LD DP Back Office < 24.8.21.1 - Unauthenticated Brute Force Attack via API Login
CVSS 9.8
CVE-2024-45523
CRITICAL
Bravura Security Fabric <12.3.5.32784-12.7.1.38241 - DoS
CVSS 9.1
CVE-2024-5682
MEDIUM
Yordam Library Automation System <20.1 - Auth Bypass
CVSS 6.5
CVE-2024-45790
CRITICAL
Reedos aiM-Star 2.0.1 - Excessive Authentication Attempts via API Login
CVSS 9.8
CVE-2024-45327
HIGH
FortiSOAR <7.4.3-7.0.3 - Privilege Escalation
CVSS 7.5
CVE-2024-32771
LOW
QNAP QTS and QuTS hero - Excessive Authentication Attempts
CVSS 2.6
CVE-2024-45589
MEDIUM
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 - Denial of Service via Username Parameter
CVSS 5.9
CVE-2024-8462
LOW
Windmill 1.380.0 - Improper Restriction of Excessive Authentication Attempts in HTTP Request Handler
CVSS 3.7
CVE-2024-43042
CRITICAL
Pluck CMS 4.7.18 - Brute Force Attack via Unrestricted Login Attempts
CVSS 9.8
CVE-2024-42466
CRITICAL
upKeeper Manager <5.1.9 - Auth Bypass
CVSS 9.8
CVE-2024-42465
CRITICAL
upKeeper Manager <5.1.9 - Auth Bypass
CVSS 9.8
CVE-2024-39398
HIGH
Adobe Commerce < 2.4.3 - Improper Restriction of Excessive Authentication Attempts
CVSS 7.4
CVE-2024-41904
HIGH
SINEC Traffic Analyzer < 2.0 - Unauthenticated Excessive Authentication Attempts
CVSS 7.5
CVE-2024-41682
MEDIUM
Siemens Location Intelligence < 4.4 - Unauthenticated Excessive Authentication Attempts
CVSS 5.3
CVE-2024-39225
CRITICAL
GL-iNet Firmware - Remote Code Execution
CVSS 9.8
CVE-2024-38888
MEDIUM
Caterease 16.0.1.1663-24.0.1.2405 - Password Brute Force via Excessive Authentication Attempts
CVSS 6.8
CVE-2024-38176
HIGH
GroupMe - Unauthenticated Privilege Escalation via Excessive Authentication Attempts
CVSS 8.1
CVE-2024-39917
HIGH
xrdp < 0.10.0 - Unauthenticated Brute Force Attack via Unlimited Login Attempts
CVSS 7.2