Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-22561 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Powerscale Onefs
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts.
network
low complexity
dell CWE-307
critical
9.8
2022-03-16 CVE-2021-43958 Improper Restriction of Excessive Authentication Attempts vulnerability in Atlassian Crucible
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.
network
low complexity
atlassian CWE-307
critical
9.8
2022-03-10 CVE-2022-25820 Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android 11.0/12.0
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
low complexity
google CWE-307
4.6
2022-03-08 CVE-2022-26314 Improper Restriction of Excessive Authentication Attempts vulnerability in Mendix Forgot Password
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2).
network
low complexity
mendix CWE-307
critical
9.8
2022-01-28 CVE-2021-22818 Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks.
network
low complexity
schneider-electric CWE-307
7.5
2022-01-25 CVE-2021-43298 Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting.
network
low complexity
embedthis CWE-307
critical
9.8
2022-01-21 CVE-2022-22553 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI.
network
low complexity
dell CWE-307
critical
9.8
2022-01-18 CVE-2021-41807 Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server and M-Files web
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
network
low complexity
m-files CWE-307
critical
9.8
2021-12-27 CVE-2020-21237 Improper Restriction of Excessive Authentication Attempts vulnerability in 8Cms Ljcms 1.11
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
network
low complexity
8cms CWE-307
critical
9.8
2021-12-27 CVE-2020-21238 Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
network
low complexity
chshcms CWE-307
critical
9.8