VYPR

CWE-307

Improper Restriction of Excessive Authentication Attempts

Base · Draft

Description

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-16 · CAPEC-49 · CAPEC-560 · CAPEC-565 · CAPEC-600 · CAPEC-652 · CAPEC-653

CVEs mapped to this weakness (225)

page 12 of 12
  • CVE-2020-7995 · Jan 26, 2020
    risk 0.00 · cvss · epss 0.05

    The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

  • CVE-2013-2228 · Dec 3, 2019
    risk 0.00 · cvss · epss 0.02

    SaltStack RSA Key Generation allows remote users to decrypt communications.

  • CVE-2019-18985 · Nov 15, 2019
    risk 0.00 · cvss · epss 0.01

    Pimcore before 6.2.2 lacks brute force protection for the 2FA token.

  • CVE-2019-18986 · Nov 15, 2019
    risk 0.00 · cvss · epss 0.01

    Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.

  • CVE-2018-14657 · Nov 13, 2018
    risk 0.00 · cvss · epss 0.01

    A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.