Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE | CVE | VULNERABILITY TITLE | RISK

2021-12-22 | CVE-2021-36750 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | 8.1
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).
network, low complexity | zendesk, sandisk | CWE-307

2021-12-10 | CVE-2021-37934 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huntflow Enterprise 3.10.6 | critical 9.8
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.
network, low complexity | huntflow | CWE-307

2021-11-30 | CVE-2021-42544 | Improper Restriction of Excessive Authentication Attempts vulnerability in Businessdnasolutions Topease | critical 9.8
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
network, low complexity | businessdnasolutions | CWE-307

2021-11-23 | CVE-2021-38890 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct | 7.5
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network, low complexity | ibm | CWE-307

2021-11-19 | CVE-2021-41435 | Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products | critical 9.8
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make any number of login attempts by sending a specific HTTP request.
network, low complexity | asus | CWE-307

2021-11-19 | CVE-2021-44033 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ionic Identity Vault | 6.8
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.
low complexity | ionic | CWE-307

2021-11-03 | CVE-2021-33209 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fimer Aurora Vision | 5.3
An issue was discovered in Fimer Aurora Vision before 2.97.10.
network, low complexity | fimer | CWE-307

2021-10-21 | CVE-2021-42096 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | 4.3
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network, low complexity | gnu, debian | CWE-307

2021-10-19 | CVE-2021-38474 | Improper Restriction of Excessive Authentication Attempts vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 | critical 9.8
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product.
network, low complexity | inhandnetworks | CWE-307

2021-09-16 | CVE-2021-29842 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server | 5.3
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.
network, low complexity | ibm | CWE-307