Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-16 | CVE-2019-18917 | Improper Restriction of Excessive Authentication Attempts vulnerability in HP products: A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout. | 6.5 |
2020-03-13 | CVE-2019-14299 | Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products: Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. | 9.8 |
2020-03-13 | CVE-2019-13166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000: Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. | 7.5 |
2020-02-27 | CVE-2017-16900 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hunesion I-Onenet 3.0.6042.1200: Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | 5.5 |
2020-02-12 | CVE-2009-5140 | Improper Restriction of Excessive Authentication Attempts vulnerability in Linksys Spa2102 Firmware: The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | 8.8 |
2020-02-06 | CVE-2014-2875 | Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua: The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | 6.1 |
2020-01-28 | CVE-2013-1895 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products: The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | 7.5 |
2020-01-27 | CVE-2013-4441 | Improper Restriction of Excessive Authentication Attempts vulnerability in Pwgen Project Pwgen 2.06: The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | 9.8 |
2020-01-26 | CVE-2020-7995 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6: The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | 9.8 |
2020-01-14 | CVE-2020-7057 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1: Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. | 5.3 |