Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-4625 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishielectric products Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. | 5.3 |
| 2023-11-03 | CVE-2023-41350 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nokia G-040W-Q Firmware G040Wqr201207 Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. | 9.8 |
| 2023-10-31 | CVE-2023-37832 | Improper Restriction of Excessive Authentication Attempts vulnerability in Elenos Etg150 Firmware 3.12 A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | 7.5 |
| 2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. | 7.5 |
| 2023-10-26 | CVE-2023-5754 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | 9.8 |
| 2023-10-26 | CVE-2023-42769 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | 9.8 |
| 2023-10-25 | CVE-2023-46123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. | 5.3 |
| 2023-10-23 | CVE-2023-27152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opnsense 23.1 DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 |
| 2023-10-23 | CVE-2023-37635 | Improper Restriction of Excessive Authentication Attempts vulnerability in Uvdesk Community-Skeleton 1.1.1 UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | 9.8 |
| 2023-10-19 | CVE-2022-24402 | Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 |