Brute Force Prevention Bypassed

Impact: Medium

Description

Brute Force Prevention Bypassed occurs when software lacks adequate measures to counter multiple failed authentication attempts within a short time frame, rendering it vulnerable to brute force attacks.

Recommendation

To mitigate this vulnerability, consider implementing CAPTCHA challenges or enforcing account lockout mechanisms for target user accounts or source IP addresses after multiple failed authentication attempts.

References

CWE-307
OWASP 2021-A7
OWASP: Account Lockout
Wikipedia: CAPTCHA

👉 You might also like:

Weak Password - Vulnerability

WordPress Login Page Found - Vulnerability

Apache Tomcat Manager Login Found - Vulnerability

User Enumeration - Vulnerability

Last updated on May 13, 2024

Brute Force Prevention Bypassed

Description

Recommendation

References

This issue is available in SmartScanner Professional