CWE:

	Topic	Date	Author
Low	M2B GSM Wireless Alarm System Brute Force Issue	28.11.2016	Gerhard Klostermeier
Low	innovaphone IP222 11r2 sr9 Brute Force	26.03.2016	Sven Freund

---

CVEMAP Search Results

CVE

Details

Description

2021-11-23

Medium

CVE-2021-38890

Updating...

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

2021-11-19

High	CVE-2021-41435	Updating...	A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
Medium	CVE-2021-44033	Vendor: Ionic Software: Identity vault	In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.

2021-11-12

Low

CVE-2021-43332

Vendor: GNU Software: Mailman

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

2021-11-03

Medium

CVE-2021-33209

Vendor: Fimer Software: Aurora vision

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.

2021-10-22

Low

CVE-2021-41171

Vendor: Elabftw Software: Elabftw

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.

2021-10-21

Medium

CVE-2021-42096

Vendor: GNU Software: Mailman

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

2021-10-19

Medium

CVE-2021-38474

Updating...

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.

2021-09-28

Low	CVE-2021-36284	Updating...	Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.
Low	CVE-2021-36285	Updating...	Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

 

---

Copyright 2021, cxsecurity.com