Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-11-18 | CVE-2023-48028 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kodcloud Kodbox 1.46.01 | kodbox 1.46.01 has a security flaw that enables user enumeration. | 9.8 |
2023-11-08 | CVE-2023-41270 | Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Ue40D7000 Firmware Tgapdeuc1033.2 | Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | 4.3 |
2023-11-06 | CVE-2023-4625 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishielectric products | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. | 5.3 |
2023-11-03 | CVE-2023-41350 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nokia G-040W-Q Firmware G040Wqr201207 | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. | 9.8 |
2023-10-31 | CVE-2023-37832 | Improper Restriction of Excessive Authentication Attempts vulnerability in Elenos Etg150 Firmware 3.12 | A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | 7.5 |
2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. | 7.5 |
2023-10-26 | CVE-2023-5754 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products | Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | 9.8 |
2023-10-26 | CVE-2023-42769 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products | The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | 9.8 |
2023-10-25 | CVE-2023-46123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver | jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. | 5.3 |
2023-10-23 | CVE-2023-27152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opnsense 23.1 | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 |