org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

WakaTime: Session Replay Attack Allows Authentication Bypass via Captured Login Responses Allowing Bypass of 429 Too many attempts for Multiple Failed Logins

Summary An attacker can bypass authentication by capturing a valid login response including session cookies/tokens and replaying it during a failed login attempt with incorrect credentials. The server fails to invalidate or validate session tokens properly, allowing unauthorized access even after...

CVE-2024-55008

JATOS 3.9.4 contains a denial-of-service DoS vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...

CVE-2023-41350

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more...

Nokia G-040W-Q Security Vulnerability

The Nokia G-040W-Q is a modem from Nokia of Finland. A security vulnerability exists in Nokia G-040W-Q, which arises from insufficient measures to prevent multiple failed authentication attempts...