CVE-2021-28248

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-307
View all →

Vulnerability Description

CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Related Vulnerabilities

CVE-1999-1152

HIGH
CVSS:7.5(High)

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force att...

CWE-3071999

CVE-2002-0628

HIGH
CVSS:7.5(High)

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute f...

CWE-3072002

CVE-2013-1895

HIGH
CVSS:7.5(High)

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the pa...

CWE-3072013

CVE-2013-2257

HIGH
CVSS:7.5(High)

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

CWE-3072013

CVE-2015-20110

HIGH
CVSS:7.5(High)

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by bru...

CWE-3072015

CVE-2017-14423

HIGH
CVSS:7.5(High)

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remo...

CWE-3072017