Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2020-09-27 CVE-2020-25827 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-307
7.5
2020-09-18 CVE-2020-15770 Improper Restriction of Excessive Authentication Attempts vulnerability in Gradle Enterprise 2018.5
An issue was discovered in Gradle Enterprise 2018.5.
local
low complexity
gradle CWE-307
5.5
2020-09-14 CVE-2020-13312 Improper Restriction of Excessive Authentication Attempts vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-307
critical
9.8
2020-08-31 CVE-2020-12645 Improper Restriction of Excessive Authentication Attempts vulnerability in Open-Xchange Appsuite 7.10.1
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
network
low complexity
open-xchange CWE-307
critical
9.8
2020-08-26 CVE-2020-13617 Improper Restriction of Excessive Authentication Attempts vulnerability in Mitel products
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts.
network
low complexity
mitel CWE-307
7.5
2020-08-26 CVE-2020-24007 Improper Restriction of Excessive Authentication Attempts vulnerability in Umanni Human Resources 1.0
Umanni RH 1.0 does not limit the number of authentication attempts.
network
low complexity
umanni CWE-307
critical
9.8
2020-07-30 CVE-2020-8202 Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Preferred Providers 1.6.0
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
network
low complexity
nextcloud CWE-307
5.3
2020-07-29 CVE-2019-20031 Improper Restriction of Excessive Authentication Attempts vulnerability in NEC Um4730 Firmware and Um8000 Firmware
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
network
low complexity
nec CWE-307
critical
9.1
2020-07-29 CVE-2020-4567 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security KEY Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
9.8
2020-07-22 CVE-2020-4400 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Verify Gateway 1.0.0/1.0.1
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5