Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-35586 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). | 7.5 |
| 2020-12-23 | CVE-2020-35585 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mersive Solstice POD Firmware In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. | 7.5 |
| 2020-12-23 | CVE-2020-25196 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | 9.8 |
| 2020-12-21 | CVE-2020-35590 | Improper Restriction of Excessive Authentication Attempts vulnerability in Limitloginattempts Limit Login Attempts Reloaded LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. | 9.8 |
| 2020-12-02 | CVE-2020-28206 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bitrix24 Bitrix Framework 20.0 An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. | 6.5 |
| 2020-11-27 | CVE-2020-29136 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cpanel In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | 6.5 |
| 2020-11-26 | CVE-2020-29042 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. | 3.7 |
| 2020-11-16 | CVE-2020-27423 | Improper Restriction of Excessive Authentication Attempts vulnerability in Anuko Time Tracker Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox | 7.5 |
| 2020-10-29 | CVE-2020-27747 | Improper Restriction of Excessive Authentication Attempts vulnerability in Clickstudios Passwordstate 8.9 An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. | 6.8 |
| 2020-10-22 | CVE-2020-15906 | Improper Restriction of Excessive Authentication Attempts vulnerability in Tiki tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 9.8 |