CWE-307
Improper Restriction of Excessive Authentication Attempts
Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism. An attacker who can submit an unlimited number of guesses against a login interface can try passwords until one succeeds and take over the targeted account; the weaker the password policy, the fewer guesses this takes.
Potential Mitigations
Common protection mechanisms include:
- disconnecting the user after a small number of failed attempts;
- implementing a timeout (a delay, ideally growing with each failure, before another attempt is accepted);
- locking out a targeted account;
- requiring a computational task on the user's part (a proof of work or CAPTCHA).
Each of these has a failure mode to plan for. Locking an account after N failures lets an attacker lock legitimate users out by deliberately failing, so lockouts should be bounded in duration and combined with throttling by source address rather than used alone. Throttling only by source address is evaded by distributed guessing and by password spraying (a few common passwords against many accounts), so failures must also be counted per account. Whatever mechanism is chosen must be enforced server-side on every authentication path (web form, REST API, mobile endpoint, legacy protocol), since a single unthrottled path defeats the rest; CVE-2019-0039 below is an example of a REST API that lacked the limit the other interfaces had.
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
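The following is an added example illustrating the second and third mechanisms above (a growing timeout and a bounded lockout), tracked both per account and per source address. It is example code written for this page, not CWE's or any library's implementation; the class names, the thresholds (3 failures per 60 s, 10 s base lockout doubling to a cap of 80 s) and the plaintext credential store in the demo are assumptions chosen to keep the example short. A production deployment would keep the counters in a shared store rather than process memory and would use a constant-time credential check.

```python
"""Added example: throttling failed authentication attempts.

Policy (an assumption for this example, not a standard): reaching
`max_failures` failures within `window` seconds locks the key for
base_lockout * 2**(n-1) seconds on its n-th lockout, capped at max_lockout.
Failures are counted per account (catches targeted guessing) and per source
address (catches password spraying across many accounts).
"""
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    failures: int = 0          # failures in the current window
    window_start: float = 0.0  # when the current window began
    lockouts: int = 0          # how often this key has been locked (drives the backoff)
    locked_until: float = 0.0  # clock value at which the lock expires


class AuthThrottle:
    def __init__(self, max_failures=5, window=300.0, base_lockout=30.0,
                 max_lockout=3600.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.clock = clock            # injectable so the demo and tests are deterministic
        self._accounts = {}           # username -> _Bucket
        self._sources = {}            # source address -> _Bucket

    def _keys(self, username, source):
        return ((self._accounts, username), (self._sources, source))

    def retry_after(self, username, source):
        """Seconds until an attempt is allowed; 0.0 means it may proceed now."""
        now = self.clock()
        waits = [b.locked_until - now
                 for table, key in self._keys(username, source)
                 if (b := table.get(key)) and b.locked_until > now]
        return max(waits, default=0.0)

    def record_failure(self, username, source):
        now = self.clock()
        for table, key in self._keys(username, source):
            b = table.setdefault(key, _Bucket())
            if now - b.window_start > self.window:      # stale window: start over
                b.failures, b.window_start = 0, now
            b.failures += 1
            if b.failures >= self.max_failures:
                b.lockouts += 1
                delay = min(self.base_lockout * 2 ** (b.lockouts - 1), self.max_lockout)
                b.locked_until = now + delay
                b.failures, b.window_start = 0, now

    def record_success(self, username, source):
        # Clear the account's counter, but deliberately not the source's: a
        # source that is spraying many accounts stays throttled after one hit.
        self._accounts.pop(username, None)


def attempt_login(throttle, verify, username, password, source):
    """Return (ok, retry_after_seconds). Locked requests never reach `verify`."""
    wait = throttle.retry_after(username, source)
    if wait > 0:
        return False, wait
    if verify(username, password):
        throttle.record_success(username, source)
        return True, 0.0
    throttle.record_failure(username, source)
    return False, throttle.retry_after(username, source)


class FakeClock:
    """Constructed clock so the demo runs instantly and deterministically."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    clock = FakeClock()
    throttle = AuthThrottle(max_failures=3, window=60, base_lockout=10,
                            max_lockout=80, clock=clock)
    users = {"alice": "correct horse battery staple"}   # constructed store, plaintext for brevity
    verify = lambda u, p: users.get(u) == p             # not constant-time; throttling is the point here
    src = "203.0.113.7"                                 # RFC 5737 documentation address
    results = [attempt_login(throttle, verify, "alice", g, src) for g in ("a", "b", "c")]
    # Third failure locked "alice" and the source for 10 s: even the right password is refused.
    results.append(attempt_login(throttle, verify, "alice", users["alice"], src))
    clock.advance(10)
    results.append(attempt_login(throttle, verify, "alice", users["alice"], src))
    return results


if __name__ == "__main__":
    for ok, wait in demo():
        print(f"ok={ok} retry_after={wait}")
```

Running `demo()` shows three failures, a fourth refusal of the correct password while the lock is active, then success once the lock expires. Because the source bucket keeps its lockout count, a second burst from the same address against a different account is locked for 20 s rather than 10 s, which is the escalation that makes automated guessing uneconomic without letting a single attacker lock a victim out indefinitely.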
Observed Examples
CVE-2019-0039: The REST API for a network OS has a high limit for the number of connections, allowing brute-force password guessing.
CVE-1999-1152: Product does not disconnect or time out after multiple failed logins.
CVE-2001-1291: Product does not disconnect or time out after multiple failed logins.
CVE-2001-0395: Product does not disconnect or time out after multiple failed logins.
CVE-2001-1339: Product does not disconnect or time out after multiple failed logins.
CVE-2002-0628: Product does not disconnect or time out after multiple failed logins.
CVE-1999-1324: User accounts not disabled when they exceed a threshold; possibly a resultant problem.
Applicable Platforms