Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-24 | CVE-2024-28825 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | 9.8 |
2024-02-09 | CVE-2023-45190 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2024-01-25 | CVE-2023-33759 | Improper Restriction of Excessive Authentication Attempts vulnerability in Splicecom Maximiser Soft PBX SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 9.8 |
2024-01-22 | CVE-2022-45790 | Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products The Omron FINS protocol has an authenticated feature to prevent access to memory regions. | 9.1 |
2024-01-11 | CVE-2023-50123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hozard Alarm System 1.0 The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. | 8.1 |
2023-12-20 | CVE-2023-6912 | Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | 9.8 |
2023-12-20 | CVE-2023-27172 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xpand-It Write-Back Manager 2.3.1 Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. | 9.1 |
2023-12-19 | CVE-2023-6928 | Improper Restriction of Excessive Authentication Attempts vulnerability in Eurotel Etl3100 Firmware 01C01/01X37 EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | 9.8 |
2023-12-18 | CVE-2023-6272 | Improper Restriction of Excessive Authentication Attempts vulnerability in Thememylogin 2FA The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. | 9.8 |
2023-12-13 | CVE-2023-50444 | Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. | 7.5 |