Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-1616 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper products Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 5.3 |
| 2020-04-07 | CVE-2019-4393 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to excessive authorization attempts | 9.8 |
| 2020-04-02 | CVE-2020-6852 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cacagoo Tv-288Zd-2Mp Firmware 3.4.2.0919 CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | 9.8 |
| 2020-03-24 | CVE-2020-10849 | Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. | 9.8 |
| 2020-03-16 | CVE-2019-18917 | Improper Restriction of Excessive Authentication Attempts vulnerability in HP products A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | 6.5 |
| 2020-03-13 | CVE-2019-14299 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. | 9.8 |
| 2020-03-13 | CVE-2019-13166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. | 7.5 |
| 2020-02-27 | CVE-2017-16900 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hunesion I-Onenet 3.0.6042.1200 Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | 5.5 |
| 2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 8.8 |
| 2020-02-06 | CVE-2014-2875 | Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | 6.1 |