Filtered by CWE-307
Filtered by vendor Subscriptions
Total 389 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-37145 1 Plextrac 1 Plextrac 2024-11-21 7.5 High
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.
CVE-2022-37144 1 Plextrac 1 Plextrac 2024-11-21 8.8 High
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.
CVE-2022-36781 1 Connectwise 1 Screenconnect 2024-11-21 5.3 Medium
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.
CVE-2022-36413 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 9.1 Critical
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
CVE-2022-35932 1 Nextcloud 1 Talk 2024-11-21 3.5 Low
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.
CVE-2022-35925 1 Joinbookwyrm 1 Bookwyrm 2024-11-21 5.3 Medium
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.
CVE-2022-35846 1 Fortinet 1 Fortitester 2024-11-21 8.1 High
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin user via a brute force attack.
CVE-2022-35490 1 Zammad 1 Zammad 2024-11-21 9.8 Critical
Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.
CVE-2022-34389 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 3.7 Low
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.
CVE-2022-33735 1 Huawei 2 Ws7200-10, Ws7200-10 Firmware 2024-11-21 6.5 Medium
There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed.
CVE-2022-33106 1 Wijungle 2 U250, U250 Firmware 2024-11-21 9.8 Critical
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.
CVE-2022-32515 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-11-21 8.6 High
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conextâ„¢ ComBox (All Versions)
CVE-2022-31273 1 17ido 1 Topidp3000 Topsec Operating System 2024-11-21 9.8 Critical
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.
CVE-2022-31234 1 Dell 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more 2024-11-21 8.1 High
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.
CVE-2022-31228 1 Dell 3 Xtremio Management Server, Xtremio X1, Xtremio X2 2024-11-21 8.1 High
Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.
CVE-2022-31118 1 Nextcloud 1 Nextcloud Server 2024-11-21 6.5 Medium
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.
CVE-2022-30305 1 Fortinet 2 Fortideceptor, Fortisandbox 2024-11-21 3.6 Low
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CVE-2022-30235 1 Schneider-electric 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more 2024-11-21 8.6 High
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
CVE-2022-2822 1 Octoprint 1 Octoprint 2024-11-21 7.5 High
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
CVE-2022-2650 1 Wger 1 Wger 2024-11-21 9.8 Critical
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.