Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 8.8 |
| 2020-02-06 | CVE-2014-2875 | Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | 6.1 |
| 2020-01-28 | CVE-2013-1895 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | 7.5 |
| 2020-01-27 | CVE-2013-4441 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pwgen Project Pwgen 2.06 The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | 9.8 |
| 2020-01-26 | CVE-2020-7995 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6 The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | 9.8 |
| 2020-01-14 | CVE-2020-7057 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1 Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. | 5.3 |
| 2019-12-18 | CVE-2019-15577 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gitlab An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | 4.3 |
| 2019-12-16 | CVE-2019-18261 | Improper Restriction of Excessive Authentication Attempts vulnerability in Omron PLC CJ Firmware, PLC CS Firmware and PLC NJ Firmware In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. | 9.8 |
| 2019-12-06 | CVE-2019-16670 | Improper Restriction of Excessive Authentication Attempts vulnerability in Weidmueller products An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. | 9.8 |
| 2019-12-03 | CVE-2013-2228 | Improper Restriction of Excessive Authentication Attempts vulnerability in Saltstack 0.14.0/0.14.1/0.15.0 SaltStack RSA Key Generation allows remote users to decrypt communications | 8.1 |