
CWE-307 Improper Restriction of Excessive Authentication Attempts: vulnerability list (331 entries)

Summary of the 331 CVE entries associated with the CWE-307 (Improper Restriction of Excessive Authentication Attempts) weakness class, with AI-generated analysis in Chinese.

CWE-307 is an authentication weakness: the system does not effectively limit the number of failed authentication attempts that a client can make within a short period. Attackers exploit it for brute-force and dictionary attacks, submitting guesses at high speed until a credential matches and unauthorized access is obtained. Developers should enforce account lockout, CAPTCHA challenges, or dynamic rate limiting; these raise the cost of automated guessing substantially while keeping the experience acceptable for legitimate users. One caveat: a lockout keyed on the username alone lets an attacker lock a victim out at will, so account-level lockout should be paired with per-source-address throttling rather than used on its own.

MITRE CWE official description
CWE-307 Improper Restriction of Excessive Authentication Attempts: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common consequences (1)
Scope: Access Control. Technical impact: Bypass Protection Mechanism.
An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
Mitigations (2)
Phase: Architecture and Design. Common protection mechanisms include:
- disconnecting the user after a small number of failed attempts;
- implementing a timeout;
- locking out a targeted account;
- requiring a computational task on the user's part.
Phase: Architecture and Design. Use a vetted library or framework that does not allow this weakness to occur or that provides constructs that make this weakness easier to avoid [REF-1482]. Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45].
Examples (2)
Observed example. In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts [REF-236]. The attacker targeted a member of Twitter's support team and was able to successfully guess the member's password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support st…
Demonstrative example. The following code, extracted from a servlet's doPost() method, performs an authentication lookup every time the servlet is invoked.
Bad · Java
```java
// Extracted from doPost(): the lookup runs on every request with no attempt counter,
// delay or lockout, so a client can submit guesses as fast as the server answers.
String username = request.getParameter("username");
String password = request.getParameter("password");
int authResult = authenticateUser(username, password);
```
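The hardened form of the doPost() lookup above, implementing the lockout and timeout mitigations from the list above and the account-lockout and rate-limiting advice in the introduction. This is an added example written for this page; it is not MITRE's code and not the original page's. LoginThrottle, the policy constants, the constructed USERS map and the login() wrapper are assumptions chosen for the illustration; authenticateUser() stands in for the page's helper of the same name.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (not from the page): lockout with exponential backoff in front of a credential lookup. */
public class LoginThrottle {

    // Policy constants (assumed values; tune per deployment).
    static final int MAX_FAILURES = 5;                             // lock on the 5th consecutive failure
    static final Duration BASE_LOCKOUT = Duration.ofMinutes(1);    // first lockout length
    static final Duration MAX_LOCKOUT = Duration.ofHours(1);       // cap for the backoff
    static final Duration FAILURE_WINDOW = Duration.ofMinutes(15); // older failures are forgotten

    /** Per-key state. A real deployment keeps this in shared storage so every app server sees it. */
    private static final class State {
        int failures;
        Instant lastFailure = Instant.EPOCH;
        Instant lockedUntil = Instant.EPOCH;
    }

    private final Map<String, State> states = new ConcurrentHashMap<>();

    /** True while the key (username here; run a second instance keyed on client IP) is locked out. */
    public boolean isLocked(String key, Instant now) {
        State s = states.get(key);
        return s != null && now.isBefore(s.lockedUntil);
    }

    /** Records one failure; from the MAX_FAILURES-th on, the lockout doubles each time, capped at MAX_LOCKOUT. */
    public synchronized void recordFailure(String key, Instant now) {
        State s = states.computeIfAbsent(key, k -> new State());
        if (Duration.between(s.lastFailure, now).compareTo(FAILURE_WINDOW) > 0) {
            s.failures = 0;                       // window expired: count afresh
        }
        s.failures++;
        s.lastFailure = now;
        if (s.failures >= MAX_FAILURES) {
            int extra = Math.min(s.failures - MAX_FAILURES, 10); // 0 on the 5th failure, 1 on the 6th, ...
            Duration lockout = BASE_LOCKOUT.multipliedBy(1L << extra);
            if (lockout.compareTo(MAX_LOCKOUT) > 0) lockout = MAX_LOCKOUT;
            s.lockedUntil = now.plus(lockout);
        }
    }

    /** A successful login clears the counter. */
    public void recordSuccess(String key) {
        states.remove(key);
    }

    // ---- the hardened doPost() flow -----------------------------------------

    // Constructed user store for the demo; a real one holds salted password hashes.
    static final Map<String, String> USERS = Map.of("alice", "correct horse battery staple");
    static final LoginThrottle THROTTLE = new LoginThrottle();

    /** Stand-in for the page's authenticateUser(); constant-time compare so the check itself leaks no timing oracle. */
    static boolean authenticateUser(String username, String password) {
        String stored = USERS.get(username);
        return stored != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
    }

    /** Consult the throttle BEFORE the credential lookup and record the outcome AFTER it. */
    static String login(String username, String password, Instant now) {
        String key = username.toLowerCase();
        if (THROTTLE.isLocked(key, now)) {
            return "rejected";   // no lookup at all while locked; same message as a wrong password
        }
        if (authenticateUser(username, password)) {
            THROTTLE.recordSuccess(key);
            return "ok";
        }
        THROTTLE.recordFailure(key, now);
        return "rejected";
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2026-01-01T00:00:00Z");
        for (int i = 0; i < 5; i++) {   // five wrong guesses, one second apart: the 5th sets a 1-minute lockout
            System.out.println("guess " + (i + 1) + ": " + login("alice", "password" + i, t0.plusSeconds(i)));
        }
        System.out.println("locked at t+5s? " + THROTTLE.isLocked("alice", t0.plusSeconds(5)));
        // The correct password is rejected while locked, and the lookup never runs.
        System.out.println("right password at t+5s: " + login("alice", "correct horse battery staple", t0.plusSeconds(5)));
        // Lockout started at t+4s and lasts 60s; at t+70s the legitimate user gets in and the counter resets.
        System.out.println("right password at t+70s: " + login("alice", "correct horse battery staple", t0.plusSeconds(70)));
        System.out.println("locked at t+71s? " + THROTTLE.isLocked("alice", t0.plusSeconds(71)));
    }
}
```

Run it with `java LoginThrottle.java` (Java 11 or later). Two design points matter more than the constants: the throttle is consulted before authenticateUser() so a locked caller gets no oracle at all, and the rejection string is identical for "wrong password" and "locked", which keeps the lockout from becoming an account-enumeration signal. Because this instance is keyed on the username, an attacker can deliberately lock a victim out; in production run a second throttle keyed on the client address, and add a CAPTCHA or proof-of-work challenge for the "computational task" mitigation instead of relying on lockout alone.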
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2025-2514 | Hitachi Virtual Storage Platform brute-force vulnerability | Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 | 5.3 | Medium | 2026-05-07 |
| CVE-2023-54347 | OpenEMR 7.0.1 authentication brute-force protection bypass | OpenEMR | 7.5 | High | 2026-05-05 |
| CVE-2026-7671 | CodeWise Tornet Scooter mobile app two-factor authentication vulnerability | Tornet Scooter Mobile App | 3.7 | Low | 2026-05-02 |
| CVE-2026-26206 | Wazuh security vulnerability | wazuh | 6.5 | Medium | 2026-04-29 |
| CVE-2026-6947 | D-Link DWM-222W USB Wi-Fi Adapter security vulnerability | DWM-222W | 7.5 | High | 2026-04-24 |
| CVE-2026-41213 | @node-oauth/oauth2-server security vulnerability | node-oauth2-server | 5.9 | Medium | 2026-04-23 |
| CVE-2026-40586 | blueprintUE self-hosted edition security vulnerability | blueprintue-self-hosted-edition | 7.5 | High | 2026-04-21 |
| CVE-2025-14362 | Fortra GoAnywhere MFT security vulnerability | GoAnywhere MFT | 7.3 | High | 2026-04-21 |
| CVE-2026-41037 | Quantum Networks router security vulnerability | Router QN-I-470 | 8.8 (AI-estimated) | High (AI-estimated) | 2026-04-21 |
| CVE-2026-40485 | ChurchCRM security vulnerability | CRM | 5.3 | Medium | 2026-04-17 |
| CVE-2025-46606 | Dell PowerProtect Data Domain security vulnerability | PowerProtect Data Domain | 6.2 | Medium | 2026-04-17 |
| CVE-2026-22616 | Eaton Intelligent Power Protector security vulnerability | IPP Software | 6.5 | Medium | 2026-04-16 |
| CVE-2026-33667 | OpenProject security vulnerability | openproject | 7.4 | High | 2026-04-15 |
| CVE-2026-2402 | Schneider Electric PowerChute Serial Shutdown security vulnerability | PowerChute™ Serial Shutdown | 9.8 | - | 2026-04-14 |
| CVE-2025-31991 | HCL DevOps Velocity security vulnerability | Velocity | 6.8 | Medium | 2026-04-13 |
| CVE-2026-35597 | Vikunja security vulnerability | vikunja | 5.9 | Medium | 2026-04-10 |
| CVE-2026-35646 | OpenClaw security vulnerability | OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-35628 | OpenClaw security vulnerability | OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-35623 | OpenClaw security vulnerability | OpenClaw | 4.8 | Medium | 2026-04-09 |
| CVE-2026-33580 | OpenClaw security vulnerability | OpenClaw | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34505 | OpenClaw security vulnerability | OpenClaw | 6.5 | Medium | 2026-03-31 |
| CVE-2026-33879 | Federated Learning and Interoperability Platform security vulnerability | FLIP | 9.8 | - | 2026-03-27 |
| CVE-2026-33763 | WWBN AVideo security vulnerability | AVideo | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33935 | MyTube security vulnerability | MyTube | - | - | 2026-03-27 |
| CVE-2026-33640 | Outline security vulnerability | outline | 9.1 | - | 2026-03-26 |
| CVE-2026-33152 | Tandoor Recipes security vulnerability | recipes | 9.1 | Critical | 2026-03-26 |
| CVE-2026-31851 | Nexxt Solutions Nebula 300+ security vulnerability | Nebula 300+ | 9.8 | - | 2026-03-23 |
| CVE-2026-31903 | IGL-Technologies eParking.fi security vulnerability | eParking.fi | 7.5 | High | 2026-03-20 |
| CVE-2026-31904 | CTEK Chargeportal security vulnerability | Chargeportal | 7.5 | High | 2026-03-20 |
| CVE-2026-32025 | OpenClaw security vulnerability | OpenClaw | 7.5 | High | 2026-03-19 |

CWE-307 (Improper Restriction of Excessive Authentication Attempts) is a common weakness class; this platform lists 331 CVE entries associated with it.