Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-09 | CVE-2023-26208 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator. An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
2023-03-09 | CVE-2023-26209 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor. An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos. SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki. XWiki Platform is a generic wiki platform. | 7.5 |
2023-02-21 | CVE-2023-24080 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277. A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 |
2023-02-15 | CVE-2023-25156 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms. Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 9.8 |
2023-02-11 | CVE-2022-34389 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products. Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component. | 5.3 |
2023-01-23 | CVE-2023-22960 | Improper Restriction of Excessive Authentication Attempts vulnerability in Lexmark products. Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | 7.5 |
2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0. HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
2023-01-10 | CVE-2022-38491 | Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03. An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 7.5 |