138 matches found
Brute-Force Attack
ethycafides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...
EUVD-2019-5245
Malware in sbrugna...
EUVD-2021-1501
Malware in sbrugna...
PT-2025-36508
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
CVE-2019-13983
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php...
BIT-ARGO-CD-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
Insecure Access Controls
github.com/argoproj/argo-cd uses insecure access controls. The Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-brute-force measures. An attacker is able to repeatedly perform authentication attempts to discover user credentials...
GHSA-XCQR-9H24-VRGW Improper Restriction of Excessive Authentication Attempts in Argo API
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...
Improper Restriction of Excessive Authentication Attempts in Argo API
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. Specific Go Packages Affected...
Improper Restriction of Excessive Authentication Attempts
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
API Discovery and Profiling -- Visibility to Protection
APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...
Argo Authorization Issue Vulnerability (CNVD-2020-27456)
Argo is an open source container native workflow engine. Argo suffers from an authorization issue vulnerability that stems from the program not implementing anti-automation protections. An attacker could use this vulnerability to brute-force break the administrator password...
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
Authentication flaw
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
CVE-2020-8827
Argo CD is affected by a rate-limiting/brute-force vulnerability built on a weak, cache-based login attempt tracker. Prior to versions 2.8.13, 2.9.9, and 2.10.4, attackers can overflow the per-user login-attempt cache, bypass rate limits, and escalate brute-force attempts against the default admi...
CVE-2020-8827
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
CVE-2019-13983
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php...
CVE-2019-13983
Directus 7 API before 2.2.2 is affected by insufficient anti-automation due to lack of CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. This creates a risk of automated login attempts (brute force). The evidence across multiple sources confirms the vulnerability in Direct...