Improper Restriction of Excessive Authentication Attempts

CVE-2021-22003

High

7.5/10

Summary

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Aug 31, 2021

Improper Restriction of Excessive Authentication Attempts

CVE-2021-22003

Summary

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS