Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-37832 | Improper Restriction of Excessive Authentication Attempts vulnerability in Elenos Etg150 Firmware 3.12 A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | 7.5 |
| 2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. | 7.5 |
| 2023-10-26 | CVE-2023-5754 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | 9.8 |
| 2023-10-26 | CVE-2023-42769 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | 9.8 |
| 2023-10-25 | CVE-2023-46123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. | 5.3 |
| 2023-10-23 | CVE-2023-27152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opnsense 23.1 DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 |
| 2023-10-23 | CVE-2023-37635 | Improper Restriction of Excessive Authentication Attempts vulnerability in Uvdesk Community-Skeleton 1.1.1 UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | 9.8 |
| 2023-10-19 | CVE-2022-24402 | Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 |
| 2023-10-11 | CVE-2023-44111 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |
| 2023-10-11 | CVE-2023-44096 | Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 |