CWE-307

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the ‘login’ function in the component ‘app/api/cms/user.py’.

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user’s password, due to lack of lock-out after excessive failed logins.