Total
371 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-10004 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2024-08-06 | 6.5 Medium |
A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2024-08-06 | 9.8 Critical |
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | ||||
CVE-2013-2257 | 1 Cryptocat Project | 1 Cryptocat | 2024-08-06 | 7.5 High |
Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness | ||||
CVE-2013-2228 | 1 Saltstack | 1 Saltstack | 2024-08-06 | 8.1 High |
SaltStack RSA Key Generation allows remote users to decrypt communications | ||||
CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2024-08-06 | 7.5 High |
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | ||||
CVE-2014-2875 | 1 Keplerproject | 1 Cgilua | 2024-08-06 | 6.1 Medium |
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID. | ||||
CVE-2016-9124 | 1 Revive-adserver | 1 Revive Adserver | 2024-08-06 | N/A |
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. | ||||
CVE-2017-16900 | 1 Hunesion | 1 I-onenet | 2024-08-05 | 5.5 Medium |
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force. | ||||
CVE-2017-14423 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-08-05 | 7.5 High |
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | ||||
CVE-2017-12316 | 1 Cisco | 1 Identity Services Engine Software | 2024-08-05 | N/A |
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. | ||||
CVE-2024-32868 | 2024-08-05 | 6.5 Medium | ||
ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. | ||||
CVE-2017-7915 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2024-08-05 | N/A |
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | ||||
CVE-2017-7898 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2024-08-05 | N/A |
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords. | ||||
CVE-2017-7673 | 1 Apache | 1 Openmeetings | 2024-08-05 | N/A |
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | ||||
CVE-2017-1197 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2024-08-05 | N/A |
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. | ||||
CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2024-08-05 | N/A |
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. | ||||
CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2024-08-05 | N/A |
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | ||||
CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-08-05 | N/A |
A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | ||||
CVE-2018-14657 | 1 Redhat | 5 Jboss Single Sign On, Keycloak, Linux and 2 more | 2024-08-05 | 8.1 High |
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. | ||||
CVE-2018-12993 | 1 Onefilecms | 1 Onefilecms | 2024-08-05 | N/A |
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. |