Total
421 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.8 Critical |
| DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | ||||
| CVE-2023-26756 | 1 Revive | 1 Adserver | 2024-11-21 | 7.5 High |
| The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features. | ||||
| CVE-2023-26271 | 1 Ibm | 1 Guardium Cloud Key Manager | 2024-11-21 | 5.3 Medium |
| IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. | ||||
| CVE-2023-26209 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-26208 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 3.5 Low |
| A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | ||||
| CVE-2023-24051 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2024-11-21 | 9.8 Critical |
| A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | ||||
| CVE-2022-45790 | 1 Omron | 92 Cj1g-cpu42p, Cj1g-cpu42p Firmware, Cj1g-cpu43p and 89 more | 2024-11-21 | 8.6 High |
| The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | ||||
| CVE-2022-44023 | 1 Pwndoc Project | 1 Pwndoc | 2024-11-21 | 5.3 Medium |
| PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | ||||
| CVE-2022-43947 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. | ||||
| CVE-2022-43904 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 High |
| IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. | ||||
| CVE-2022-42478 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 8.1 High |
| An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. | ||||
| CVE-2022-37145 | 1 Plextrac | 1 Plextrac | 2024-11-21 | 7.5 High |
| The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider. | ||||
| CVE-2022-37144 | 1 Plextrac | 1 Plextrac | 2024-11-21 | 8.8 High |
| The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user. | ||||
| CVE-2022-36781 | 1 Connectwise | 1 Screenconnect | 2024-11-21 | 5.3 Medium |
| ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks. | ||||
| CVE-2022-35846 | 1 Fortinet | 1 Fortitester | 2024-11-21 | 8.1 High |
| An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack. | ||||
| CVE-2022-35490 | 1 Zammad | 1 Zammad | 2024-11-21 | 9.8 Critical |
| Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place. | ||||
| CVE-2022-33735 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2024-11-21 | 6.5 Medium |
| There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. | ||||
| CVE-2022-31273 | 1 17ido | 1 Topidp3000 Topsec Operating System | 2024-11-21 | 9.8 Critical |
| An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | ||||
| CVE-2022-31234 | 1 Dell | 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more | 2024-11-21 | 8.1 High |
| Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. | ||||
| CVE-2022-30305 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2024-11-21 | 3.6 Low |
| An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts. | ||||