Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-25820 | Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android 11.0/12.0 A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | 4.6 |
| 2022-03-08 | CVE-2022-26314 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mendix Forgot Password A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). | 9.8 |
| 2022-01-28 | CVE-2021-22818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. | 7.5 |
| 2022-01-25 | CVE-2021-43298 | Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. | 9.8 |
| 2022-01-21 | CVE-2022-22553 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. | 9.8 |
| 2022-01-18 | CVE-2021-41807 | Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server and M-Files web Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier. | 9.8 |
| 2021-12-27 | CVE-2020-21237 | Improper Restriction of Excessive Authentication Attempts vulnerability in 8Cms Ljcms 1.11 An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | 9.8 |
| 2021-12-27 | CVE-2020-21238 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0 An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | 9.8 |
| 2021-12-22 | CVE-2021-36750 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). | 8.1 |
| 2021-12-10 | CVE-2021-37934 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huntflow Enterprise 3.10.6 Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. | 9.8 |