Improper Restriction of Excessive Authentication Attempts

CVE-2024-9928

Medium

5.3/10

Summary

A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Nov 26, 2024

Improper Restriction of Excessive Authentication Attempts

CVE-2024-9928

Summary

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS