Skip to main content

CWE-645

Overly Restrictive Account Lockout Mechanism

6 CVEs Avg CVSS 5.9 MITRE
0
CRITICAL
1
HIGH
5
MEDIUM
0
LOW
1
POC
1
KEV

Monthly

CVE-2026-25907 MEDIUM This Month

Dell PowerScale OneFS 9.13.0.0 is vulnerable to denial of service through an overly restrictive account lockout mechanism that can be triggered by unauthenticated remote attackers. The flaw allows an attacker to lock out legitimate users without authentication, disrupting service availability. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5241 MEDIUM This Month

CVE-2025-5241 is a security vulnerability (CVSS 5.3) that allows a remote unauthenticated attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-31947 Go MEDIUM PATCH This Month

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-37028 MEDIUM This Month

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-1722 Maven MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4346 HIGH POC KEV THREAT Act Now

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connection Authorization
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
Threat
4.5
EPSS 0% CVSS 5.3
MEDIUM This Month

Dell PowerScale OneFS 9.13.0.0 is vulnerable to denial of service through an overly restrictive account lockout mechanism that can be triggered by unauthenticated remote attackers. The flaw allows an attacker to lock out legitimate users without authentication, disrupting service availability. No patch is currently available for this medium-severity vulnerability.

Denial Of Service Powerscale Onefs
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-5241 is a security vulnerability (CVSS 5.3) that allows a remote unauthenticated attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
EPSS 0% 4.5 CVSS 7.5
HIGH POC KEV THREAT Act Now

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connection Authorization
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy