VYPR
Critical severity9.8NVD Advisory· Published Mar 28, 2017· Updated Jun 17, 2026

CVE-2016-9124

CVE-2016-9124

Description

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*range: <=3.2.2
    • (no CPE)range: <3.2.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.