Cyber Posture

CWE-307: Improper Restriction of Excessive Authentication Attempts

Abstraction: Base · CVEs in our corpus: 564

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2) (AI)

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| AC-7 | Unsuccessful Logon Attempts | AC | This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms. |
| IA-10 | Adaptive Authentication | IA | Specific conditions can include excessive failed attempts, triggering stronger authentication that restricts brute-force exploitation. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2020-15906 | 7.2 | 9.8 | 0.8702 | 2020-10-22 |
| CVE-2019-17240 | 6.9 | 9.8 | 0.8263 | 2019-10-06 |
| CVE-2023-22960 | 5.2 | 7.5 | 0.6125 | 2023-01-23 |
| CVE-2024-39225 | 4.6 | 9.8 | 0.4453 | 2024-08-06 |
| CVE-2020-35590 | 4.5 | 9.8 | 0.4285 | 2020-12-21 |
| CVE-2001-1339 | 3.4 | 9.8 | 0.2428 | 2001-05-24 |
| CVE-2021-27514 | 2.8 | 9.8 | 0.1367 | 2021-02-22 |
| CVE-2021-36750 | 2.8 | 8.1 | 0.1970 | 2021-12-22 |
| CVE-2024-41276 | 2.8 | 9.8 | 0.1356 | 2024-10-01 |
| CVE-2019-17525 | 2.7 | 8.8 | 0.1620 | 2020-04-21 |
| CVE-2023-27746 | 2.6 | 9.8 | 0.1011 | 2023-04-13 |
| CVE-2023-37635 | 2.5 | 9.8 | 0.0823 | 2023-10-23 |
| CVE-2001-1291 | 2.4 | 9.8 | 0.0724 | 2001-07-12 |
| CVE-2020-27423 | 2.4 | 7.5 | 0.1497 | 2020-11-16 |
| CVE-2014-5414 | 2.2 | 9.1 | 0.0594 | 2016-10-05 |
| CVE-2020-11650 | 2.2 | 7.5 | 0.1192 | 2020-04-08 |
| CVE-2022-29056 | 2.2 | 3.7 | 0.2430 | 2023-03-09 |
| CVE-2023-27100 | 2.2 | 9.8 | 0.0350 | 2023-03-22 |
| CVE-2023-21709 | 2.2 | 9.8 | 0.0319 | 2023-08-08 |
| CVE-2019-3766 | 2.1 | 9.8 | 0.0202 | 2019-09-27 |
| CVE-2020-15367 | 2.1 | 9.8 | 0.0265 | 2020-07-07 |
| CVE-2020-24007 | 2.1 | 9.8 | 0.0185 | 2020-08-26 |
| CVE-2021-28909 | 2.1 | 9.8 | 0.0176 | 2021-09-09 |
| CVE-2021-28911 | 2.1 | 9.8 | 0.0233 | 2021-09-09 |
| CVE-2021-41435 | 2.1 | 9.8 | 0.0250 | 2021-11-19 |