How severe is CVE-2016-9124?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2016-9124?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2016-9124 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.

Related Vulnerabilities

CVE-1999-1324

CRITICAL

CVSS:9.8(Critical)

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma...

CWE-3071999

CVE-2001-0395

CRITICAL

CVSS:9.8(Critical)

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

CWE-3072001

CVE-2001-1291

CRITICAL

CVSS:9.8(Critical)

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the serv...

CWE-3072001

CVE-2001-1339

CRITICAL

CVSS:9.8(Critical)

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password gue...

CWE-3072001

CVE-2013-4441

CRITICAL

CVSS:9.8(Critical)

The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CWE-3072013

CVE-2017-11187

CRITICAL

CVSS:9.8(Critical)

phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.

CWE-3072017