Vulnerabilities/

Brute Force Prevention Bypassed

Severity:: Medium

Description

Brute Force Prevention Bypassed occurs when software lacks adequate measures to counter multiple failed authentication attempts within a short time frame, rendering it vulnerable to brute force attacks.

Recommendation

To mitigate this vulnerability, consider implementing CAPTCHA challenges or enforcing account lockout mechanisms for target user accounts or source IP addresses after multiple failed authentication attempts.

References

Wikipedia: CAPTCHA
OWASP: Account Lockout
CWE-307
CAPEC-49
OWASP 2021-A7

Related Issues

Apache Tomcat Manager Login Found - Vulnerability
Weak Password - Vulnerability
Unreferenced Login Page Found - Vulnerability
WordPress Login Page Found - Vulnerability

Tags:: Brute Force; Authentication; CAPTCHA

Anything's wrong? Let us know Last updated on May 13, 2024