CWE • Base • Draft • 20 recent CVEs
CWE-307: Improper Restriction of Excessive Authentication Attempts
Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common consequences
- Access Control → Bypass Protection Mechanism: An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
Potential mitigations
- Architecture and Design
- Architecture and Design
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-43926, 2026-06-04
- CVE-2026-36612, score 6.4, 2026-06-03
- CVE-2026-36607, score 8.8, 2026-06-03
- CVE-2026-10216, score 3.7, 2026-06-01
- CVE-2026-49324, score 4.6, 2026-05-29
- CVE-2026-45364, score 7.3, 2026-05-28
- CVE-2026-35675, score 8.2, 2026-05-28
- CVE-2026-8760, score 9.8, 2026-05-27
- CVE-2026-1816, score 6.3, 2026-05-21
- CVE-2020-37228, score 9.8, 2026-05-16
- CVE-2026-45010, score 9.1, 2026-05-15
- CVE-2025-64526, score 5.3, 2026-05-14
- CVE-2025-62313, score 5.4, 2026-05-14
- CVE-2026-44195, score 5.3, 2026-05-13
- CVE-2026-7255, score 6.5, 2026-05-12
- CVE-2026-43914, score 7.3, 2026-05-11
- CVE-2026-7820, score 6.5, 2026-05-11
- CVE-2026-41893, score 7.5, 2026-05-09
- CVE-2025-2514, score 5.3, 2026-05-07
- CVE-2023-54347, score 7.5, 2026-05-05