Total
344 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8827 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2021-07-21 | 7.5 High |
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | ||||
CVE-2020-8790 | 1 Oklok Project | 1 Oklok | 2021-07-21 | 9.8 Critical |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | ||||
CVE-2020-13835 | 1 Google | 1 Android | 2021-07-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | ||||
CVE-2020-6852 | 1 Cacagoo | 2 Tv-288zd-2mp, Tv-288zd-2mp Firmware | 2021-07-21 | 9.8 Critical |
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | ||||
CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2021-07-07 | 7.5 High |
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | ||||
CVE-2020-15786 | 1 Siemens | 8 Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Basic Panels 2nd Generation Firmware, Simatic Hmi Comfort Panels and 5 more | 2021-06-08 | 9.8 Critical |
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
CVE-2021-31646 | 1 Gestsup | 1 Gestsup | 2021-05-04 | 9.8 Critical |
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack. | ||||
CVE-2021-25676 | 1 Siemens | 8 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M-800 and 5 more | 2021-04-22 | 7.5 High |
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | ||||
CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2021-03-23 | 9.8 Critical |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | ||||
CVE-2020-4891 | 1 Ibm | 1 Spectrum Scale | 2021-03-22 | 5.5 Medium |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974. | ||||
CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-26 | 9.8 Critical |
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | ||||
CVE-2020-35565 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 9.8 Critical |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default. | ||||
CVE-2021-27188 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2021-02-19 | 7.5 High |
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account. | ||||
CVE-2020-35585 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2020-12-23 | 7.5 High |
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. | ||||
CVE-2020-35586 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2020-12-23 | 7.5 High |
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). | ||||
CVE-2020-25196 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2020-12-23 | 9.8 Critical |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | ||||
CVE-2020-35590 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2020-12-22 | 9.8 Critical |
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries. | ||||
CVE-2020-28206 | 1 Bitrix24 | 1 Bitrix Framework | 2020-12-04 | 6.5 Medium |
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. | ||||
CVE-2020-27423 | 1 Anuko | 1 Time Tracker | 2020-12-01 | 7.5 High |
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox | ||||
CVE-2020-29042 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-11-29 | 3.7 Low |
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. |