Description
The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.
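The missing control described above, sketched as an added example (not taken from this page or from any product it references): a per-account sliding-window counter that locks the account after repeated failures. The thresholds, the `LoginThrottle` and `login` names, and the sample user store are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold of failed attempts
WINDOW_SECONDS = 300   # assumed "short time frame" in which failures are counted
LOCKOUT_SECONDS = 900  # assumed lockout duration once the threshold is reached

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record_failure(self, account, now):
        recent = self.failures[account]
        recent.append(now)
        # Drop failures that have aged out of the window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()

    def record_success(self, account):
        self.failures.pop(account, None)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(throttle, users, account, password, now):
    """Return 'ok', 'denied' or 'locked'. `now` is passed in so the logic is testable."""
    # The lock is checked before the password, so a locked account
    # gives no signal about whether a guess was correct.
    if throttle.is_locked(account, now):
        return "locked"
    salt, stored = users.get(account, (b"\0" * 16, b""))
    if hmac.compare_digest(_hash(password, salt), stored):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

# Constructed sample user store: account -> (salt, password hash).
SALT = b"constructed-salt"
USERS = {"alice": (SALT, _hash("correct horse", SALT))}
```

Keying the counter on the account alone lets anyone lock out a legitimate user by failing on purpose, so deployments usually pair it with per-source limits or increasing delays.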
Potential Mitigations
Phase: Architecture and Design
Description:
Phase: Architecture and Design
Description:
CVE References
- CVE-1999-1152: Product does not disconnect or timeout after multiple failed logins.
- CVE-2001-1291: Product does not disconnect or timeout after multiple failed logins.
- CVE-2001-0395: Product does not disconnect or timeout after multiple failed logins.
- CVE-2001-1339: Product does not disconnect or timeout after multiple failed logins.
- CVE-2002-0628: Product does not disconnect or timeout after multiple failed logins.
- CVE-1999-1324: User accounts not disabled when they exceed a threshold; possibly a resultant problem.