Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-28248 | Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom Ehealth CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. | 7.5 |
| 2021-03-16 | CVE-2020-4891 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. | 5.5 |
| 2021-02-22 | CVE-2021-27514 | Improper Restriction of Excessive Authentication Attempts vulnerability in Eyesofnetwork 5.310 EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | 9.8 |
| 2021-02-16 | CVE-2020-35565 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. | 9.8 |
| 2021-02-12 | CVE-2021-27188 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | 7.5 |
| 2021-02-12 | CVE-2021-20635 | Improper Restriction of Excessive Authentication Attempts vulnerability in Logitech Lan-Wh450N/Gr Firmware Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | 6.5 |
| 2021-01-14 | CVE-2021-3138 | Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 |
| 2021-01-13 | CVE-2021-1311 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings Server A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. | 5.4 |
| 2020-12-23 | CVE-2020-35586 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). | 7.5 |
| 2020-12-23 | CVE-2020-35585 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. | 7.5 |