Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2022-22553 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. | 9.8 |
| 2022-01-18 | CVE-2021-41807 | Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server and M-Files web Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier. | 9.8 |
| 2021-12-27 | CVE-2020-21237 | Improper Restriction of Excessive Authentication Attempts vulnerability in 8Cms Ljcms 1.11 An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks. | 9.8 |
| 2021-12-27 | CVE-2020-21238 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chshcms Cscms 4.0 An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks. | 9.8 |
| 2021-12-22 | CVE-2021-36750 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). | 8.1 |
| 2021-12-10 | CVE-2021-37934 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huntflow Enterprise 3.10.6 Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing. | 9.8 |
| 2021-11-30 | CVE-2021-42544 | Improper Restriction of Excessive Authentication Attempts vulnerability in Businessdnasolutions Topease Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. | 9.8 |
| 2021-11-23 | CVE-2021-38890 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2021-11-19 | CVE-2021-41435 | Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. | 9.8 |
| 2021-11-19 | CVE-2021-44033 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ionic Identity Vault In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. | 6.8 |