Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2019-10-06 CVE-2019-17240 Improper Restriction of Excessive Authentication Attempts vulnerability in Bludit 3.9.2
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
network
low complexity
bludit CWE-307
critical
9.8
2019-10-06 CVE-2019-17215 Improper Restriction of Excessive Authentication Attempts vulnerability in V-Zug Combi-Steam MSLQ Firmware Ethernet R07
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05.
network
low complexity
vzug CWE-307
critical
9.8
2019-10-02 CVE-2019-4520 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Server 6.4.0
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2019-09-27 CVE-2019-3766 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Elastic Cloud Storage
Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability.
network
low complexity
dell CWE-307
critical
9.8
2019-09-27 CVE-2019-3746 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API.
network
low complexity
dell CWE-307
8.8
2019-08-20 CVE-2019-4310 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium Big Data Intelligence 4.0
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2019-08-12 CVE-2019-14951 Improper Restriction of Excessive Authentication Attempts vulnerability in Telenav Scout GPS Link
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
network
low complexity
telenav CWE-307
7.5
2019-07-28 CVE-2019-14351 Improper Restriction of Excessive Authentication Attempts vulnerability in EspoCRM 5.6.4
EspoCRM 5.6.4 is vulnerable to user password hash enumeration.
network
low complexity
espocrm CWE-307
8.8
2019-07-15 CVE-2019-1126 Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft products
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests. Also known as 'ADFS Security Feature Bypass Vulnerability'.
network
low complexity
microsoft CWE-307
5.3
2019-07-01 CVE-2019-4336 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Robotic Process Automation With Automation Anywhere
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
9.8