Improper Restriction of Excessive Authentication Attempts

CVE-2020-14494

High

9.8/10

Summary

OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-307 - Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Jul 20, 2020

Improper Restriction of Excessive Authentication Attempts

CVE-2020-14494

Summary

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS