Vulnerabilities > CVE-2021-22530 - Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

LOW

network

low complexity

microfocus

CWE-307

critical

NVD

Published: 2024-08-28

Updated: 2024-09-13

Summary

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

Vulnerable Configurations

Part	Description	Count
Application	Microfocus Microfocus Netiq Advanced Authentication 6.3 Microfocus Netiq Advanced Authentication 4.11 Microfocus Netiq Advanced Authentication 4.12 Microfocus Netiq Advanced Authentication 5.1 Microfocus Netiq Advanced Authentication 5.1.2 Microfocus Netiq Advanced Authentication 5.1.3 Microfocus Netiq Advanced Authentication 5.2 Microfocus Netiq Advanced Authentication 5.3 Microfocus Netiq Advanced Authentication 5.4 Microfocus Netiq Advanced Authentication 5.5 Microfocus Netiq Advanced Authentication 5.6 Microfocus Netiq Advanced Authentication 6.0 Microfocus Netiq Advanced Authentication 6.1 Microfocus Netiq Advanced Authentication 6.2	27

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html