Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-28909 Improper Restriction of Excessive Authentication Attempts vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack.
network
low complexity
bab-technologie CWE-307
5.0
2021-09-09 CVE-2021-38725 Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
network
low complexity
thedaylightstudio CWE-307
5.0
2021-08-31 CVE-2021-22003 Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443.
network
low complexity
vmware CWE-307
5.0
2021-08-17 CVE-2021-29987 Improper Restriction of Excessive Authentication Attempts vulnerability in Mozilla Firefox
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.
network
mozilla CWE-307
4.3
2021-08-16 CVE-2020-18698 Improper Restriction of Excessive Authentication Attempts vulnerability in Talelin Lin-Cms-Flask 0.1.1
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.
network
low complexity
talelin CWE-307
5.0
2021-08-06 CVE-2021-38155 Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features).
network
low complexity
openstack CWE-307
5.0
2021-08-02 CVE-2021-27943 Improper Restriction of Excessive Authentication Attempts vulnerability in Vizio E50X-E1 Firmware and P65-F1 Firmware
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and configurations.
network
low complexity
vizio CWE-307
5.0
2021-07-30 CVE-2021-35472 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in LemonLDAP::NG before 2.0.12.
6.0
2021-07-25 CVE-2021-3663 Improper Restriction of Excessive Authentication Attempts vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
network
low complexity
firefly-iii CWE-307
5.0
2021-07-21 CVE-2020-23283 Improper Restriction of Excessive Authentication Attempts vulnerability in MV Mconnect 02.001.00/2013.1.6.8
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.
network
low complexity
mv CWE-307
5.0