Total: 371 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-45589 | 1 Identityautomation | 3 Rapididentity, Rapididentity Cloud, Rapididentity Lts | 2024-09-12 | 6.5 Medium | RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. |
CVE-2024-45327 | 1 Fortinet | 1 Fortisoar | 2024-09-12 | 7.1 High | An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. |
CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-09-11 | 9.8 Critical | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. |
CVE-2023-37635 | 1 Uvdesk | 1 Community-skeleton | 2024-09-11 | 9.8 Critical | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. |
CVE-2023-46123 | 1 Fit2cloud | 1 Jumpserver | 2024-09-10 | 5.3 Medium | jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. |
CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | 7.5 High | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. |
CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-09 | 7.5 High | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. |
CVE-2024-32771 | | | 2024-09-09 | 2.6 Low | An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later; QuTS hero h5.2.0.2782 build 20240601 and later. |
CVE-2023-41350 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-09-06 | 7.5 High | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. |
CVE-2015-20110 | 1 Jhipster | 1 Jhipster | 2024-09-06 | 7.5 High | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. |
CVE-2024-8462 | | | 2024-09-05 | 3.7 Low | A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component. |
CVE-2024-39917 | 1 Neutrinolabs | 1 Xrdp | 2024-09-05 | 7.2 High | xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. |
CVE-2023-42480 | 1 Sap | 1 Netweaver Application Server Java | 2024-09-03 | 5.3 Medium | The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. |
CVE-2023-45582 | 1 Fortinet | 1 Fortimail | 2024-08-30 | 5.3 Medium | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. |
CVE-2023-41270 | 1 Samsung | 2 Ue40d7000, Ue40d7000 Firmware | 2024-08-29 | 3.5 Low | Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. |
CVE-2024-22425 | | | 2024-08-29 | 6.5 Medium | Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. |
CVE-2023-48028 | 1 Kodcloud | 1 Kodbox | 2024-08-29 | 9.8 Critical | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. |
CVE-2023-46745 | 1 Librenms | 1 Librenms | 2024-08-29 | 5.3 Medium | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2024-42466 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. |
CVE-2024-42465 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 9.8 Critical | Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. |