Vulnerabilities > Improper Restriction of Excessive Authentication Attempts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-25818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server Nextcloud server is an open source, personal cloud implementation. | 7.1 |
| 2023-03-23 | CVE-2022-36413 | Improper Restriction of Excessive Authentication Attempts vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | 9.1 |
| 2023-03-22 | CVE-2023-27100 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. | 9.8 |
| 2023-03-09 | CVE-2022-29056 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2023-03-09 | CVE-2023-26208 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2023-03-09 | CVE-2023-26209 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |
| 2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 7.5 |
| 2023-02-21 | CVE-2023-24080 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277 A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | 9.8 |
| 2023-02-15 | CVE-2023-25156 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | 9.8 |