Show CWE-307: Improper Restriction of Excessive Authentication Attempts - CXSecurity.com

	Topic	Date	Author
Low	M2B GSM Wireless Alarm System Brute Force Issue	28.11.2016	Gerhard Klostermeier
Low	innovaphone IP222 11r2 sr9 Brute Force	26.03.2016	Sven Freund

CVEMAP Search Results

CVE

Details

Description

2020-06-16

Medium

CVE-2020-7508

Updating...

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

2020-06-09

Low

CVE-2020-13872

Updating...

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

2020-06-04

Medium	CVE-2020-4193	Vendor: IBM Software: Security gua...	IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857.
Medium	CVE-2020-13805	Vendor: Foxitsoftware Software: Phantompdf	An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.

2020-05-07

Medium

CVE-2020-11052

Vendor: Sorcery project
Software: Sorcery

In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0.

2020-05-04

Medium

CVE-2020-10876

Updating...

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.

2020-04-08

Medium

CVE-2020-1616

Vendor: Juniper
Software: Advanced thr...

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.

2020-04-07

Medium

CVE-2019-4393

Vendor: Hcltech
Software: Appscan

HCL AppScan Standard is vulnerable to excessive authorization attempts

2020-04-06

Low

CVE-2020-11582

Updating...

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.)

2020-03-24

Medium

CVE-2020-10849

Updating...

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020).

Copyright 2020, cxsecurity.com