Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-12 | CVE-2021-27188 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xn--B1Agzlht FX Aggregator Terminal Client 1.0 The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | 7.5 |
| 2021-02-12 | CVE-2021-20635 | Improper Restriction of Excessive Authentication Attempts vulnerability in Logitech Lan-Wh450N/Gr Firmware Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network. | 6.5 |
| 2021-01-14 | CVE-2021-3138 | Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 |
| 2021-01-13 | CVE-2021-1311 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Webex Meetings Server A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. | 5.4 |
| 2020-12-23 | CVE-2020-35586 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). | 7.5 |
| 2020-12-23 | CVE-2020-35585 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. | 7.5 |
| 2020-12-23 | CVE-2020-25196 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | 9.8 |
| 2020-12-21 | CVE-2020-35590 | Improper Restriction of Excessive Authentication Attempts vulnerability in Limitloginattempts Limit Login Attempts Reloaded LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. | 9.8 |
| 2020-12-02 | CVE-2020-28206 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bitrix24 Bitrix Framework 20.0 An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. | 6.5 |
| 2020-11-27 | CVE-2020-29136 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cpanel In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | 6.5 |