CVE-2022-43947

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-307
View all →

Vulnerability Description

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.

Related Vulnerabilities

CVE-2009-5140

HIGH
CVSS:8.8(High)

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain acces...

CWE-3072009

CVE-2019-14351

HIGH
CVSS:8.8(High)

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterL...

CWE-3072019

CVE-2019-17525

HIGH
CVSS:8.8(High)

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

CWE-3072019

CVE-2020-13872

HIGH
CVSS:8.8(High)

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

CWE-3072020

CVE-2021-35472

HIGH
CVSS:8.8(High)

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker mi...

CWE-3072021

CVE-2021-41171

HIGH
CVSS:8.8(High)

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many differ...

CWE-3072021