Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-22737 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | 9.8 |
| 2021-05-24 | CVE-2020-26556 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bluetooth Core Specification and Mesh Profile Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. | 7.5 |
| 2021-05-17 | CVE-2021-29023 | Improper Restriction of Excessive Authentication Attempts vulnerability in Invoiceplane 1.5.11 InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable. | 5.3 |
| 2021-04-26 | CVE-2021-31646 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gestsup Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). | 9.8 |
| 2021-03-30 | CVE-2021-29648 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.11. | 5.5 |
| 2021-03-26 | CVE-2021-28248 | Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom Ehealth CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. | 7.5 |
| 2021-03-17 | CVE-2019-18235 | Improper Restriction of Excessive Authentication Attempts vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | 9.8 |
| 2021-03-16 | CVE-2020-4891 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. | 5.5 |
| 2021-03-15 | CVE-2021-25676 | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). | 7.5 |
| 2021-02-22 | CVE-2021-27514 | Improper Restriction of Excessive Authentication Attempts vulnerability in Eyesofnetwork 5.310 EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | 9.8 |