CWE-307
Improper Restriction of Excessive Authentication Attempts
Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-16 · CAPEC-49 · CAPEC-560 · CAPEC-565 · CAPEC-600 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (225)
Page 12 of 12

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7995 | — | | 0.00 | — | 0.05 | | Jan 26, 2020 | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. |
| CVE-2013-2228 | | | 0.00 | — | 0.02 | | Dec 3, 2019 | SaltStack RSA Key Generation allows remote users to decrypt communications. |
| CVE-2019-18985 | — | | 0.00 | — | 0.01 | | Nov 15, 2019 | Pimcore before 6.2.2 lacks brute force protection for the 2FA token. |
| CVE-2019-18986 | — | | 0.00 | — | 0.01 | | Nov 15, 2019 | Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for an invalid password and for a non-existent user. |
| CVE-2018-14657 | | | 0.00 | — | 0.01 | | Nov 13, 2018 | A flaw was found in Keycloak 4.2.1.Final and 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. |