Description
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7225
Broken Link, Patch, Third Party Advisory, US Government Resource, Vendor Advisory third-party-advisory
government-resource
x_refsource_ciac
http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Scores
CVSS v3
9.8
EPSS
0.0075
EPSS Percentile
73.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (1)
hp/openvms_vax
5.3 - 5.5.2
Published
Dec 31, 1999
Tracked Since
Feb 18, 2026