31 matches found
Deciso OPNsense 安全漏洞
Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained security vulnerabilities. These vulnerabilities were caused by logical flaws in the lockouthandler module, allowing...
PT-2026-33118
OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm otp action of the two factor authentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing brute force block after failed logins...
Improper Control of Interaction Frequency
Overview django-phone-verify is an A Django app to support phone number verification using security code sent via SMS. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to the absence of failed attempt tracking and lockout mechanisms in the...
CVE-2025-64102
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...
CVE-2025-64102
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...
CVE-2025-64102 Zitadel allows brute-forcing authentication factors
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...
EUVD-2015-0544
Malware in sbrugna...
CVE-2025-5241
CVE-2025-5241 affects Mitsubishi Electric MELSEC iQ-F Series. A remote, unauthenticated attacker can trigger a denial-of-service by exploiting an overly restrictive account lockout mechanism, causing legitimate users to be blocked for a period after repeated incorrect login attempts. The impact i...
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service DoS vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...
CVE-2024-55008
CVE-2024-55008 concerns JATOS 3.9.4, where an authentication DoS can lock out user accounts. The document set confirms the vulnerability arises from the login flow: submitting 3 incorrect login attempts per minute can trigger an account-level lockout, affecting any user regardless of privileges, ...
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service DoS vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...
NetIQ Advanced Authentication Brute Force Vulnerability
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...
GO-2024-2788 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PT-2024-26025 · Unknown · Kioware For Windows
Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions all through 8.35 Description: The issue allows for brute forcing the PIN number that protects the application from being closed, due to the lack of mechanisms preventing excessive guessing of the number...
CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...
CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Impact ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...
CVE-2020-10285
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access...
Authentication flaw
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access...
CVE-2015-5010
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...