Vulnerabilities > Improper Restriction of Excessive Authentication Attempts

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-03-02 | CVE-2023-26476 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki | XWiki Platform is a generic wiki platform. | network | low complexity | xwiki | CWE-307 | 7.5 |
| 2023-02-21 | CVE-2023-24080 | Improper Restriction of Excessive Authentication Attempts vulnerability in Chamberlain MYQ 5.222.0.32277 | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. | network | low complexity | chamberlain | CWE-307 | critical 9.8 |
| 2023-02-16 | CVE-2023-0860 | Improper Restriction of Excessive Authentication Attempts vulnerability in Modoboa Installer 2.0.3 | Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | network | low complexity | modoboa | CWE-307 | 7.5 |
| 2023-02-15 | CVE-2023-25156 | Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms | Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. | network | low complexity | kiwitcms | CWE-307 | critical 9.8 |
| 2023-02-11 | CVE-2022-34389 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products | Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component. | network | low complexity | dell | CWE-307 | 5.3 |
| 2023-01-30 | CVE-2022-32515 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Conext Combox Firmware | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. | network | low complexity | schneider-electric | CWE-307 | critical 9.8 |
| 2023-01-30 | CVE-2023-24020 | Improper Restriction of Excessive Authentication Attempts vulnerability in Snapav Wattbox Wb-300-Ip-3 Firmware Wb10.9A17 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. | network | low complexity | snapav | CWE-307 | critical 9.8 |
| 2023-01-23 | CVE-2023-22960 | Improper Restriction of Excessive Authentication Attempts vulnerability in Lexmark products | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | network | low complexity | lexmark | CWE-307 | 7.5 |
| 2023-01-20 | CVE-2021-27782 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Bigfix Mobile 2.0 | HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts. | network | low complexity | hcltech | CWE-307 | 7.5 |
| 2023-01-10 | CVE-2022-38491 | Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | network | low complexity | easyvista | CWE-307 | 7.5 |