Base · Draft
CWE-307: Improper Restriction of Excessive Authentication Attempts
Category: auth
Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common consequences · 1
- Access Control — Bypass Protection Mechanism: An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
Potential mitigations · 2
- [Architecture and Design]
- [Architecture and Design]
Related CAPEC attack patterns · 7
Exploits (incoming) · 7
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Password Spraying (capec-565) | 100% | live |
| AttackPattern | Use of Known Operating System Credentials (capec-653) | 100% | live |
| AttackPattern | Use of Known Domain Credentials (capec-560) | 100% | live |
| AttackPattern | Password Brute Forcing (capec-49) | 100% | live |
| AttackPattern | Dictionary-based Password Attack (capec-16) | 100% | live |
| AttackPattern | Credential Stuffing (capec-600) | 100% | live |
| AttackPattern | Use of Known Kerberos Credentials (capec-652) | 100% | live |
Compliance frameworks addressing this (incoming) · 5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_api_top10-api04 | 100% | live |
| ComplianceControl | iso27001-a.8.5 | 100% | live |
| ComplianceControl | pci_dss_v4-r8 | 100% | live |
| ComplianceControl | owasp_top10-a07 | 100% | live |
| ComplianceControl | nis2-art21g | 100% | live |
(incoming) · 56
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-12547 | 0% | live |
| Vulnerability | CVE-2025-12995 | 0% | live |
| Vulnerability | CVE-2025-1710 | 0% | live |
| Vulnerability | CVE-2025-1740 | 0% | live |
| Vulnerability | CVE-2025-1928 | 0% | live |
| Vulnerability | CVE-2025-23368 | 0% | live |
| Vulnerability | CVE-2025-2411 | 0% | live |
| Vulnerability | CVE-2025-2412 | 0% | live |
| Vulnerability | CVE-2025-2413 | 0% | live |
| Vulnerability | CVE-2025-2414 | 0% | live |
| Vulnerability | CVE-2025-2415 | 0% | live |
| Vulnerability | CVE-2025-2416 | 0% | live |
| Vulnerability | CVE-2025-2417 | 0% | live |
| Vulnerability | CVE-2025-25595 | 0% | live |
| Vulnerability | CVE-2025-27449 | 0% | live |
| Vulnerability | CVE-2025-27456 | 0% | live |
| Vulnerability | CVE-2025-31676 | 0% | live |
| Vulnerability | CVE-2025-3555 | 0% | live |
| Vulnerability | CVE-2025-3556 | 0% | live |
| Vulnerability | CVE-2025-3709 | 0% | live |
| Vulnerability | CVE-2025-4319 | 0% | live |
| Vulnerability | CVE-2025-4383 | 0% | live |
| Vulnerability | CVE-2025-43863 | 0% | live |
| Vulnerability | CVE-2025-46414 | 0% | live |
| Vulnerability | CVE-2025-46739 | 0% | live |
| Vulnerability | CVE-2025-48187 | 0% | live |
| Vulnerability | CVE-2025-49195 | 0% | live |
| Vulnerability | CVE-2025-56221 | 0% | live |
| Vulnerability | CVE-2025-56224 | 0% | live |
| Vulnerability | CVE-2025-58587 | 0% | live |
Showing top 30 of 56 by confidence.