CWE-307 - Improper Restriction of Excessive Authentication Attempts

CWE-307

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Improper Restriction of Excessive Authentication Attempts

Description: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.

Related Weaknesses

CWE-287Improper AuthenticationHigh

CWE-1390Weak Authentication

CWE-799Improper Control of Interaction Frequency

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard