Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-15 | CVE-2019-18986 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. | 7.5 |
| 2019-11-15 | CVE-2019-18985 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore Pimcore before 6.2.2 lacks brute force protection for the 2FA token. | 9.8 |
| 2019-11-04 | CVE-2013-2257 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cryptocat Project Cryptocat Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness | 7.5 |
| 2019-10-14 | CVE-2019-12941 | Improper Restriction of Excessive Authentication Attempts vulnerability in Autopi 4G/Lte Firmware and Wi-Fi/Nb Firmware AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. | 9.8 |
| 2019-10-06 | CVE-2019-17240 | Improper Restriction of Excessive Authentication Attempts vulnerability in Bludit 3.9.2 bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | 9.8 |
| 2019-10-06 | CVE-2019-17215 | Improper Restriction of Excessive Authentication Attempts vulnerability in Vzug Combi-Stream Mslq Firmware Ethernetr07 An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. | 9.8 |
| 2019-10-02 | CVE-2019-4520 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2019-09-27 | CVE-2019-3766 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Elastic Cloud Storage Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. | 9.8 |
| 2019-09-27 | CVE-2019-3746 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2 Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. | 8.8 |
| 2019-08-20 | CVE-2019-4310 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |