Vulnerabilities > CVE-2021-33209 - Improper Restriction of Excessive Authentication Attempts vulnerability in Fimer Aurora Vision

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fimer

CWE-307

NVD

Published: 2021-11-03

Updated: 2021-11-05

Summary

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.

Vulnerable Configurations

Part	Description	Count
Application	Fimer Fimer Aurora Vision *	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs
https://twitter.com/FIMERspa