Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-12 | CVE-2019-14951 | Improper Restriction of Excessive Authentication Attempts vulnerability in Telenav Scout GPS Link The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile. | 7.5 |
| 2019-07-28 | CVE-2019-14351 | Improper Restriction of Excessive Authentication Attempts vulnerability in Espocrm 5.6.4 EspoCRM 5.6.4 is vulnerable to user password hash enumeration. | 8.8 |
| 2019-07-15 | CVE-2019-1126 | Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft products A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. | 5.3 |
| 2019-07-01 | CVE-2019-4336 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2019-06-07 | CVE-2019-4068 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM products IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. | 7.5 |
| 2019-06-04 | CVE-2019-5217 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Mate 9 PRO Firmware There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). | 4.6 |
| 2019-04-10 | CVE-2019-0039 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. | 8.1 |
| 2019-04-03 | CVE-2019-5421 | Improper Restriction of Excessive Authentication Attempts vulnerability in Plataformatec Devise Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. | 9.8 |
| 2019-03-28 | CVE-2018-19879 | Improper Restriction of Excessive Authentication Attempts vulnerability in Teltonika Rut950 Firmware R31.04.89 An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. | 9.8 |
| 2019-03-05 | CVE-2019-6524 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | 9.8 |