Total
375 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0860 | 1 Modoboa | 1 Installer | 2023-02-24 | N/A | 7.5 HIGH |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | |||||
| CVE-2023-25156 | 1 Kiwitcms | 1 Kiwi Tcms | 2023-02-24 | N/A | 9.8 CRITICAL |
| Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. | |||||
| CVE-2022-32515 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2018-14657 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2023-02-02 | 4.3 MEDIUM | 8.1 HIGH |
| A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | |||||
| CVE-2019-4310 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2023-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. | |||||
| CVE-2021-22737 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-01-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | |||||
| CVE-2022-4797 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2019-4068 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2022-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013. | |||||
| CVE-2022-28384 | 1 Verbatim | 4 Keypad Secure Usb 3.2 Gen 1, Keypad Secure Usb 3.2 Gen 1 Firmware, Store \'n\' Go Secure Portable Hdd and 1 more | 2022-12-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. | |||||
| CVE-2019-4520 | 1 Ibm | 1 Security Directory Server | 2022-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. | |||||
| CVE-2022-28386 | 1 Verbatim | 4 Gd25lk01-3637-c, Gd25lk01-3637-c Firmware, Keypad Secure Usb 3.2 Gen 1 and 1 more | 2022-12-06 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. | |||||
| CVE-2019-4336 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2022-12-06 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | |||||
| CVE-2022-2650 | 1 Wger | 1 Wger | 2022-11-30 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. | |||||
| CVE-2020-7995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | |||||
| CVE-2022-2166 | 1 Joinmastodon | 1 Mastodon | 2022-11-17 | N/A | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. | |||||
| CVE-2022-3945 | 1 Kavitareader | 1 Kavita | 2022-11-16 | N/A | 5.3 MEDIUM |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. | |||||
| CVE-2022-3741 | 1 Chatwoot | 1 Chatwoot | 2022-11-01 | N/A | 9.8 CRITICAL |
| Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. | |||||
| CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2022-10-26 | 5.0 MEDIUM | 9.8 CRITICAL |
| Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | |||||
| CVE-2022-39314 | 1 Getkirby | 1 Kirby | 2022-10-25 | N/A | 3.7 LOW |
| Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms. | |||||
| CVE-2022-35846 | 1 Fortinet | 1 Fortitester | 2022-10-20 | N/A | 9.8 CRITICAL |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. | |||||