Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35749

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 3:34 p.m.4 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to improper enforcement of authentication lockout in the login process. An attacker can gain unauthorized access to accounts protected by two-factor authentication by repeatedly submitting incorrect TOTP codes without...

8.2CVSS5.8AI score0.00296EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 6:6 p.m.3 views

GHSA-3JQF-V4MV-747G Moonraker affected by LDAP search filter injection

Impact Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References4
Redos
Redos
added 2025/09/05 12:0 a.m.4 views

ROS-20250905-07

A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...

9.1CVSS7.2AI score0.00867EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 2:0 a.m.9 views

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

5.3CVSS6.9AI score0.00199EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.8 views

PT-2023-29929 · Mitsubishi · Melsec Iq-R Series Cpu Modules

Name of the Vulnerable Software and Affected Versions: MELSEC iQ-F/iQ-R Series CPU modules affected versions not specified Description: The issue allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker...

5.3CVSS5.2AI score0.0095EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.7 views

PT-2022-3530 · Schneider Electric · Ecostruxure Cybersecurity Admin Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure Cybersecurity Admin Expert CAE versions prior to 2.2 Description: A vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local...

8.3CVSS8AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 2021/10/19 1:15 p.m.4 views

CVE-2021-38474

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. Th...

9.8CVSS7.4AI score0.00661EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2018/10/01 12:0 a.m.5 views

May 10, 2016 — KB3156421 (OS Build 10586.318)

May 10, 2016 — KB3156421 OS Build 10586.318 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability in a number of areas including Cortana, Bluetooth, Shell, Internet Explorer 11 ...

5.8AI score
Exploits0
OSV
OSV
added 2017/08/28 3:29 p.m.1 views

DEBIAN-CVE-2016-7030

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on...

7.5CVSS7.1AI score0.047EPSS
Exploits0References1
CNVD
CNVD
added 2016/02/17 12:0 a.m.5 views

IBM Security Access Manager for Web Privilege Gain Vulnerability

IBM Security Access Manager ISAM for Web formerly known as IBM Tivoli Access Manager for e-business is a suite of IBM products for user authentication, authorization, and Web single sign-on solutions that provide user access management and Web application protection Functions. A security...

7.5CVSS6.9AI score0.01552EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2016/02/15 2:59 a.m.4 views

CVE-2015-5010

IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack...

7.5CVSS5.6AI score0.01552EPSS
Exploits0References4
CVE
CVE
added 2016/02/15 2:0 a.m.54 views

CVE-2015-5010

IBM Security Access Manager for Web is affected: 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 lack an account lockout after failed logins, enabling brute-force access from remote attackers. Remediation exists in the connected IBM advisories: apply Interim Fix 21 for 7...

7.5CVSS7.2AI score0.01552EPSS
Exploits0References3Affected Software3
Vulnrichment
Vulnrichment
added 1999/09/29 4:0 a.m.15 views

CVE-1999-0036

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files...

6.9AI score0.01413EPSS
Exploits0References4
Rows per page
Query Builder