Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-04-08 | CVE-2020-1616 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper products | Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | network; low complexity; juniper CWE-307; 5.3 |
| 2020-04-07 | CVE-2019-4393 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 | HCL AppScan Standard is vulnerable to excessive authorization attempts | network; low complexity; hcltech CWE-307; critical; 9.8 |
| 2020-04-02 | CVE-2020-6852 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cacagoo Tv-288Zd-2Mp Firmware 3.4.2.0919 | CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | network; low complexity; cacagoo CWE-307; critical; 9.8 |
| 2020-03-24 | CVE-2020-10849 | Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. | network; low complexity; google CWE-307; critical; 9.8 |
| 2020-03-16 | CVE-2019-18917 | Improper Restriction of Excessive Authentication Attempts vulnerability in HP products | A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | network; low complexity; hp CWE-307; 6.5 |
| 2020-03-13 | CVE-2019-14299 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products | Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. | network; low complexity; ricoh CWE-307; critical; 9.8 |
| 2020-03-13 | CVE-2019-13166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. | network; low complexity; xerox CWE-307; 7.5 |
| 2020-02-27 | CVE-2017-16900 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hunesion I-Onenet 3.0.6042.1200 | Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows a local user to gain unauthorized access to other users' information via brute force. | local; low complexity; hunesion CWE-307; 5.5 |
| 2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware | The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | network; low complexity; linksys CWE-307; 8.8 |
| 2020-02-06 | CVE-2014-2875 | Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | network; low complexity; keplerproject CWE-307; 6.1 |