Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2019-08-12 CVE-2019-14951 Improper Restriction of Excessive Authentication Attempts vulnerability in Telenav Scout GPS Link
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
network
low complexity
telenav CWE-307
7.5
2019-07-28 CVE-2019-14351 Improper Restriction of Excessive Authentication Attempts vulnerability in Espocrm 5.6.4
EspoCRM 5.6.4 is vulnerable to user password hash enumeration.
network
low complexity
espocrm CWE-307
8.8
2019-07-15 CVE-2019-1126 Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft products
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'.
network
low complexity
microsoft CWE-307
5.3
2019-07-01 CVE-2019-4336 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
9.8
2019-06-07 CVE-2019-4068 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM products
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system.
network
low complexity
ibm CWE-307
7.5
2019-06-04 CVE-2019-5217 Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Mate 9 PRO Firmware
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8).
low complexity
huawei CWE-307
4.6
2019-04-10 CVE-2019-0039 Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks.
network
high complexity
juniper CWE-307
8.1
2019-04-03 CVE-2019-5421 Improper Restriction of Excessive Authentication Attempts vulnerability in Plataformatec Devise
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method.
network
low complexity
plataformatec CWE-307
critical
9.8
2019-03-28 CVE-2018-19879 Improper Restriction of Excessive Authentication Attempts vulnerability in Teltonika Rut950 Firmware R31.04.89
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices.
network
low complexity
teltonika CWE-307
critical
9.8
2019-03-05 CVE-2019-6524 Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
network
low complexity
moxa CWE-307
critical
9.8