Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-38890 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Sterling Connect:Direct
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2021-11-19 CVE-2021-41435 Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make any number of login attempts by sending a specific HTTP request.
network
low complexity
asus CWE-307
critical
9.8
2021-11-19 CVE-2021-44033 Improper Restriction of Excessive Authentication Attempts vulnerability in Ionic Identity Vault
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.
low complexity
ionic CWE-307
6.8
2021-11-03 CVE-2021-33209 Improper Restriction of Excessive Authentication Attempts vulnerability in Fimer Aurora Vision
An issue was discovered in Fimer Aurora Vision before 2.97.10.
network
low complexity
fimer CWE-307
5.3
2021-10-21 CVE-2021-42096 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
GNU Mailman before 2.1.35 may allow remote Privilege Escalation.
network
low complexity
gnu debian CWE-307
4.3
2021-10-19 CVE-2021-38474 Improper Restriction of Excessive Authentication Attempts vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product.
network
low complexity
inhandnetworks CWE-307
critical
9.8
2021-09-16 CVE-2021-29842 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.
network
low complexity
ibm CWE-307
5.3
2021-09-09 CVE-2021-28909 Improper Restriction of Excessive Authentication Attempts vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack.
network
low complexity
bab-technologie CWE-307
critical
9.8
2021-09-09 CVE-2021-38725 Improper Restriction of Excessive Authentication Attempts vulnerability in Thedaylightstudio Fuel CMS 1.5.0
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php.
network
low complexity
thedaylightstudio CWE-307
5.3
2021-08-31 CVE-2021-22003 Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443.
network
low complexity
vmware CWE-307
7.5