Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos | SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki | XWiki Platform is a generic wiki platform. | 7.5 |
2023-02-21 | CVE-2023-24080 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277 | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 |
2023-02-15 | CVE-2023-25156 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms | Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 9.8 |
2023-02-11 | CVE-2022-34389 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products | Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component. | 5.3 |
2023-01-23 | CVE-2023-22960 | Improper Restriction of Excessive Authentication Attempts vulnerability in Lexmark products | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | 7.5 |
2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | 7.5 |
2023-01-10 | CVE-2022-38491 | Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 7.5 |
2022-12-26 | CVE-2022-26964 | Improper Restriction of Excessive Authentication Attempts vulnerability in Devolutions Remote Desktop Manager | Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. | 7.5 |
2022-12-25 | CVE-2022-45893 | Improper Restriction of Excessive Authentication Attempts vulnerability in Planetestream Planet Estream | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. | 8.8 |