Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2020-35565 Improper Restriction of Excessive Authentication Attempts vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2.
network
low complexity
mbconnectline CWE-307
5.0
2021-02-12 CVE-2021-27188 Improper Restriction of Excessive Authentication Attempts vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.
network
low complexity
xn-b1agzlht CWE-307
5.0
2021-02-12 CVE-2021-20635 Improper Restriction of Excessive Authentication Attempts vulnerability in Logitec Lan-Wh450N/Gr Firmware
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.
low complexity
logitec CWE-307
3.3
2021-01-14 CVE-2021-3138 Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
network
low complexity
discourse CWE-307
5.0
2021-01-13 CVE-2021-1311 Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting.
network
low complexity
cisco CWE-307
5.5
2020-12-23 CVE-2020-35586 Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
network
low complexity
mersive CWE-307
5.0
2020-12-23 CVE-2020-35585 Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
network
low complexity
mersive CWE-307
5.0
2020-12-23 CVE-2020-25196 Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
network
low complexity
moxa CWE-307
5.0
2020-12-21 CVE-2020-35590 Improper Restriction of Excessive Authentication Attempts vulnerability in Limitloginattempts Limit Login Attempts Reloaded
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged.
network
low complexity
limitloginattempts CWE-307
5.0
2020-12-02 CVE-2020-28206 Improper Restriction of Excessive Authentication Attempts vulnerability in Bitrix24 Bitrix Framework 20.0
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0.
network
low complexity
bitrix24 CWE-307
4.0