Total
344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1126 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2020-08-24 | N/A |
| A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | ||||
| CVE-2019-20031 | 1 Nec | 4 Um4730, Um4730 Firmware, Um8000 and 1 more | 2020-08-03 | 9.1 Critical |
| NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks. | ||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2020-08-03 | 5.3 Medium |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | ||||
| CVE-2020-14484 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-22 | 9.8 Critical |
| OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | ||||
| CVE-2020-15367 | 1 Venki | 1 Supravizio Bpm | 2020-07-15 | 9.8 Critical |
| Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | ||||
| CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 9.8 Critical |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | ||||
| CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2020-06-12 | 8.8 High |
| Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | ||||
| CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2020-06-05 | 9.8 Critical |
| IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | ||||
| CVE-2019-17525 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2020-06-04 | 8.8 High |
| The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. | ||||
| CVE-2020-13805 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2020-06-04 | 9.8 Critical |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | ||||
| CVE-2020-10876 | 2 Mica, Oklok Project | 2 Fingerprint Bluetooth Padlock Fb50, Oklok | 2020-05-15 | 7.5 High |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. | ||||
| CVE-2020-11052 | 1 Sorcery Project | 1 Sorcery | 2020-05-13 | 9.8 Critical |
| In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0. | ||||
| CVE-2020-1616 | 1 Juniper | 2 Advanced Threat Protection, Virtual Advanced Threat Protection | 2020-04-14 | 5.3 Medium |
| Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. | ||||
| CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2020-04-08 | 9.8 Critical |
| HCL AppScan Standard is vulnerable to excessive authorization attempts | ||||
| CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2020-03-26 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | ||||
| CVE-2009-5140 | 1 Linksys | 2 Spa2102, Spa2102 Firmware | 2020-02-14 | 8.8 High |
| The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | ||||
| CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2020-02-04 | 7.5 High |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | ||||
| CVE-2013-4441 | 1 Pwgen Project | 1 Pwgen | 2020-01-30 | 9.8 Critical |
| The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | ||||
| CVE-2020-7057 | 1 Hikvision | 2 Ds-7204hghi-f1, Ds-7204hghi-f1 Firmware | 2020-01-24 | 5.3 Medium |
| Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed. | ||||
| CVE-2019-18261 | 1 Omron | 3 Plc Cj Firmware, Plc Cs Firmware, Plc Nj Firmware | 2019-12-27 | 9.8 Critical |
| In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. | ||||