Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-30 | CVE-2020-8202 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Preferred Providers 1.6.0 Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | 5.3 |
| 2020-07-29 | CVE-2019-20031 | Improper Restriction of Excessive Authentication Attempts vulnerability in NEC Um4730 Firmware and Um8000 Firmware NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | 9.1 |
| 2020-07-29 | CVE-2020-4567 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security KEY Lifecycle Manager 3.0.1/4.0 IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2020-07-22 | CVE-2020-4400 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Verify Gateway 1.0.0/1.0.1 IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2020-07-20 | CVE-2020-14494 | Improper Restriction of Excessive Authentication Attempts vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. | 9.8 |
| 2020-07-20 | CVE-2020-14484 | Improper Restriction of Excessive Authentication Attempts vulnerability in Openclinic GA Project Openclinic GA 5.09.02/5.89.05B OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | 9.8 |
| 2020-07-07 | CVE-2020-15367 | Improper Restriction of Excessive Authentication Attempts vulnerability in Venki Supravizio BPM 10.1.2 Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. | 9.8 |
| 2020-06-19 | CVE-2019-20881 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 7.3 |
| 2020-06-16 | CVE-2020-7508 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | 9.8 |
| 2020-06-09 | CVE-2020-13872 | Improper Restriction of Excessive Authentication Attempts vulnerability in Royalapps Royal TS Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | 8.8 |