319 matches found
Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach
This paper presents a comprehensive analysis of T-Mobile's critical data breaches in 2021 and 2023, alongside a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints. By combining case-based vulnerability assessments with active ethical hacking...
Exploit for Uncontrolled Resource Consumption in Oracle Mysql_Cluster
CVE-2025-21574-Exploit Key Features of this Black-Box Exploi...
CVE-2024-28825
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 beta, 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 EOL facilitates password brute-forcing...
CVE-2024-28833
Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms...
CVE-2024-49358
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...
CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing...
CVE-2019-5263
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305MAC and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting th...
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organization...
Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential...
CVE-2025-1496
Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227...
CVE-2025-1496
The CVE-2025-1496 entry concerns BG-TEK Coslat Hotspot with an improper restriction of excessive authentication attempts, enabling password brute forcing and authentication abuse. Affected product: Coslat Hotspot before version 6.26.0.R.20250227. Root cause described as insufficient protection ag...
CVE-2025-1496 Improper Authentication in BG-TEK's Coslat Hotspot
Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227...
CVE-2025-1496 Improper Authentication in BG-TEK's Coslat Hotspot
Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse. This issue affects Coslat Hotspot: before 6.26.0.R.20250227...
CVE-2025-26486
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...
CVE-2025-22645
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through = 7.3...
CVE-2025-22645
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through = 7.3...
CVE-2025-22645 WordPress Real Estate Manager plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through = 7.3...
CVE-2025-22645
CVE-2025-22645 concerns the WordPress Real Estate Manager plugin (versions up to 7.3). The issue is described as Improper Restriction of Excessive Authentication Attempts, effectively enabling password brute-forcing. The vulnerability is tied to insufficient controls around authentication attempt...
CVE-2025-22645 WordPress Real Estate Manager plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through = 7.3...
CVE-2024-7701
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0...