Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the ‘forgot password’ functionality as it returns distinct messages for invalid password and non-existing users.
CWE-307
CVE-2019-18917
A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
CVE-2019-18235
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.
CVE-2019-18261
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
CVE-2019-17525
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.