Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-09 | CVE-2023-26208 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2023-03-09 | CVE-2023-26209 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
| 2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
| 2023-02-21 | CVE-2023-24080 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277 A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 |
| 2023-02-16 | CVE-2023-0860 | Improper Restriction of Excessive Authentication Attempts vulnerability in Modoboa Installer 2.0.3 Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | 7.5 |
| 2023-02-15 | CVE-2023-25156 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 9.8 |
| 2023-02-11 | CVE-2022-34389 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. | 5.3 |
| 2023-01-30 | CVE-2022-32515 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Conext Combox Firmware A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. | 9.8 |
| 2023-01-30 | CVE-2023-24020 | Improper Restriction of Excessive Authentication Attempts vulnerability in Snapav Wattbox Wb-300-Ip-3 Firmware Wb10.9A17 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. | 9.8 |