CWE-307 - Improper Restriction of Excessive Authentication Attempts
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Release Date: 2006-07-19
- Latest Modification Date: 2024-11-19
Weakness Name
Improper Restriction of Excessive Authentication Attempts
Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
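Added example (not part of the CWE entry): one way to restrict repeated failed attempts, using a per-account sliding window with a temporary lockout. The thresholds, the AttemptLimiter class, the authenticate function and the plain-text password comparison are assumptions made for illustration; a real product would verify against a stored password hash.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold of failures allowed per window
WINDOW_SECONDS = 300    # assumed length of the "short time frame"
LOCKOUT_SECONDS = 900   # assumed lockout duration once the threshold is hit


class AttemptLimiter:
    """Tracks failed logins per account in a sliding time window."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                  # injectable so tests can control time
        self._failures = defaultdict(deque)  # account -> failure timestamps
        self._locked_until = {}              # account -> time the lock expires

    def is_locked(self, account):
        return self._clock() < self._locked_until.get(account, 0.0)

    def record_failure(self, account):
        now = self._clock()
        window = self._failures[account]
        window.append(now)
        # Forget failures that fell out of the sliding window.
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            window.clear()

    def record_success(self, account):
        self._failures.pop(account, None)


def authenticate(limiter, account, password, stored_password):
    """Return 'locked', 'ok' or 'denied' for one login attempt."""
    # Refuse before looking at the password, so a locked account gives
    # no feedback about whether a guess was correct.
    if limiter.is_locked(account):
        return "locked"
    # Constant-time comparison; stands in for real password-hash verification.
    if hmac.compare_digest(password.encode(), stored_password.encode()):
        limiter.record_success(account)
        return "ok"
    limiter.record_failure(account)
    return "denied"
```

Per-account lockout can itself be used to keep a legitimate user out of their account, so it is commonly combined with throttling keyed on the request source.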