CWE:

     | Title                                          | Date       | Author
Low  | M2B GSM Wireless Alarm System Brute Force Issue | 28.11.2016 | Gerhard Klostermeier
Low  | innovaphone IP222 11r2 sr9 Brute Force          | 26.03.2016 | Sven Freund

Common Weakness Enumeration (CWE)

           |          | CVE            | Details / Description
2021-12-10 | Medium | CVE-2021-37934
Vendor: Huntflow
Software: Huntflow ent...
Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing.

2021-11-30 | Medium | CVE-2021-42544
Vendor: Businessdnasolutions
Software: Topease

2021-11-23 | Medium | CVE-2021-38890
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

2021-11-19 | High | CVE-2021-41435
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

Medium | CVE-2021-44033
Vendor: Ionic
Software: Identity vault
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.

2021-11-12 | Low | CVE-2021-43332
Vendor: GNU
Software: Mailman
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

2021-11-03 | Medium | CVE-2021-33209
Vendor: Fimer
Software: Aurora vision
An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.

2021-10-22 | Low | CVE-2021-41171
Vendor: Elabftw
Software: Elabftw
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in the HTTP Cookie header. This issue has been addressed by implementing brute-force login protection, as recommended by OWASP, with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.

2021-10-21 | Medium | CVE-2021-42096
Vendor: GNU
Software: Mailman
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

2021-10-19 | Medium | CVE-2021-38474
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.

Copyright 2022, cxsecurity.com