Vulnerabilities > CVE-1999-1324 - Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-307

critical

NVD

Published: 1999-12-31

Updated: 2024-02-09

Summary

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP Openvms VAX 5.3 HP Openvms VAX 5.4 HP Openvms VAX 5.5	3

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/7225