10 matches found
PT-2026-35749
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout via a specially crafted request...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...
GHSA-3JQF-V4MV-747G Moonraker affected by LDAP search filter injection
Impact: Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...
PT-2023-29929 · Mitsubishi · Melsec Iq-R Series Cpu Modules
Name of the Vulnerable Software and Affected Versions: MELSEC iQ-F/iQ-R Series CPU modules (affected versions not specified). Description: The issue allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker...
PT-2022-3530 · Schneider Electric · Ecostruxure Cybersecurity Admin Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Cybersecurity Admin Expert (CAE) versions prior to 2.2. Description: A vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local...
CVE-2021-38474
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. Th...
May 10, 2016 — KB3156421 (OS Build 10586.318)
This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability in a number of areas including Cortana, Bluetooth, Shell, Internet Explorer 11 ...
DEBIAN-CVE-2016-7030
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on...
IBM Security Access Manager for Web Privilege Gain Vulnerability
IBM Security Access Manager (ISAM) for Web (formerly known as IBM Tivoli Access Manager for e-business) is a suite of IBM products for user authentication, authorization, and Web single sign-on solutions that provide user access management and Web application protection functions. A security...
CVE-2015-5010
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 lacks an account lockout after failed logins, enabling brute-force access by remote attackers. Remediation exists in the connected IBM advisories: apply Interim Fix 21 for 7...