Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-6272 Improper Restriction of Excessive Authentication Attempts vulnerability in Thememylogin 2FA
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
network
low complexity
thememylogin CWE-307
critical
9.8
2023-12-13 CVE-2023-50444 Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
network
low complexity
primx CWE-307
7.5
2023-12-08 CVE-2023-49443 Improper Restriction of Excessive Authentication Attempts vulnerability in Html-Js Doracms 2.1.8
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords.
network
low complexity
html-js CWE-307
critical
9.8
2023-12-04 CVE-2023-24051 Improper Restriction of Excessive Authentication Attempts vulnerability in Connectize Ac21000 G6 Firmware 641.139.1.1256
A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.
network
low complexity
connectize CWE-307
critical
9.8
2023-11-18 CVE-2023-48028 Improper Restriction of Excessive Authentication Attempts vulnerability in Kodcloud Kodbox 1.46.01
kodbox 1.46.01 has a security flaw that enables user enumeration.
network
low complexity
kodcloud CWE-307
critical
9.8
2023-11-08 CVE-2023-41270 Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Ue40D7000 Firmware Tgapdeuc1033.2
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.
low complexity
samsung CWE-307
4.3
2023-11-06 CVE-2023-4625 Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishielectric products
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function.
network
low complexity
mitsubishielectric CWE-307
5.3
2023-11-03 CVE-2023-41350 Improper Restriction of Excessive Authentication Attempts vulnerability in Nokia G-040W-Q Firmware G040Wqr201207
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts.
network
low complexity
nokia CWE-307
critical
9.8
2023-10-31 CVE-2023-37832 Improper Restriction of Excessive Authentication Attempts vulnerability in Elenos Etg150 Firmware 3.12
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.
network
low complexity
elenos CWE-307
7.5
2023-10-31 CVE-2015-20110 Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different.
network
low complexity
jhipster CWE-307
7.5