Improper Restriction of Excessive Authentication Attempts

CVE-2022-3741

High

9.8/10

Summary

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-307 - Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Oct 28, 2022

Improper Restriction of Excessive Authentication Attempts

CVE-2022-3741

Summary

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS