CVE-2022-37144

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-307
View all →

Vulnerability Description

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.

Related Vulnerabilities

CVE-2009-5140

HIGH
CVSS:8.8(High)

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain acces...

CWE-3072009

CVE-2019-14351

HIGH
CVSS:8.8(High)

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterL...

CWE-3072019

CVE-2019-17525

HIGH
CVSS:8.8(High)

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

CWE-3072019

CVE-2020-13872

HIGH
CVSS:8.8(High)

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

CWE-3072020

CVE-2021-35472

HIGH
CVSS:8.8(High)

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker mi...

CWE-3072021

CVE-2021-41171

HIGH
CVSS:8.8(High)

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many differ...

CWE-3072021