Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2021-07-07 CVE-2021-32522 Improper Restriction of Excessive Authentication Attempts vulnerability in QSAN SANOS, Storage Manager and XEVO
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack.
network
low complexity
qsan CWE-307
5.0
2021-07-01 CVE-2021-28127 Improper Restriction of Excessive Authentication Attempts vulnerability in Stormshield Network Security
An issue was discovered in Stormshield SNS through 4.2.1.
network
low complexity
stormshield CWE-307
5.0
2021-06-11 CVE-2021-22915 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations.
network
low complexity
nextcloud fedoraproject CWE-307
critical
9.8
2021-06-08 CVE-2021-33190 Improper Restriction of Excessive Authentication Attempts vulnerability in Apache APISIX Dashboard 2.6
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access.
network
low complexity
apache CWE-307
5.3
2021-06-01 CVE-2021-3412 Improper Restriction of Excessive Authentication Attempts vulnerability in Red Hat 3Scale and 3Scale API Management
It was found that all versions of 3Scale developer portal lacked brute force protections.
network
low complexity
redhat CWE-307
5.0
2021-05-26 CVE-2021-22737 Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric homeLYnk Firmware and spaceLYnk Firmware
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.
network
low complexity
schneider-electric CWE-307
critical
9.8
2021-05-24 CVE-2020-26556 Improper Restriction of Excessive Authentication Attempts vulnerability in Bluetooth Core Specification and Mesh Profile
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
2.9
2021-05-17 CVE-2021-29023 Improper Restriction of Excessive Authentication Attempts vulnerability in InvoicePlane 1.5.11
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.
network
low complexity
invoiceplane CWE-307
5.3
2021-04-26 CVE-2021-31646 Improper Restriction of Excessive Authentication Attempts vulnerability in Gestsup
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote).
network
low complexity
gestsup CWE-307
7.5
2021-03-30 CVE-2021-29648 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.11.
local
low complexity
linux fedoraproject CWE-307
5.5