The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
According to SOAR [REF-1479], the following detection techniques may be useful:
According to SOAR [REF-1479], the following detection techniques may be useful:
According to SOAR [REF-1479], the following detection techniques may be useful:
According to SOAR [REF-1479], the following detection techniques may be useful:
According to SOAR [REF-1479], the following detection techniques may be useful:
According to SOAR [REF-1479], the following detection techniques may be useful:
CVE-2019-0039the REST API for a network OS has a high limit for number of connections, allowing brute force password guessing
CVE-1999-1152Product does not disconnect or timeout after multiple failed logins.
CVE-2001-1291Product does not disconnect or timeout after multiple failed logins.
CVE-2001-0395Product does not disconnect or timeout after multiple failed logins.
CVE-2001-1339Product does not disconnect or timeout after multiple failed logins.