Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46123 Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications.
network
low complexity
fit2cloud CWE-307
5.3
2023-10-23 CVE-2023-27152 Improper Restriction of Excessive Authentication Attempts vulnerability in Opnsense 23.1
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.
network
low complexity
opnsense CWE-307
critical
9.8
2023-10-23 CVE-2023-37635 Improper Restriction of Excessive Authentication Attempts vulnerability in Uvdesk Community-Skeleton 1.1.1
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
network
low complexity
uvdesk CWE-307
critical
9.8
2023-10-19 CVE-2022-24402 Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.
network
low complexity
midnightblue CWE-307
7.5
2023-10-11 CVE-2023-44111 Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-307
7.5
2023-10-11 CVE-2023-44096 Improper Restriction of Excessive Authentication Attempts vulnerability in Huawei Emui and Harmonyos
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei CWE-307
7.5
2023-10-09 CVE-2023-43699 Improper Restriction of Excessive Authentication Attempts vulnerability in Sick Apu0200 Firmware
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.
network
low complexity
sick CWE-307
7.5
2023-09-27 CVE-2023-42818 Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-307
critical
9.8
2023-09-12 CVE-2023-40834 Improper Restriction of Excessive Authentication Attempts vulnerability in Opencart 4.0.2.2
OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.
network
low complexity
opencart CWE-307
critical
9.8
2023-08-28 CVE-2023-26271 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Cloud KEY Manager
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5