
CWE-645 Overly Restrictive Account Lockout Mechanism: vulnerability list (6)

Summary of the 6 CVEs assigned to the CWE-645 (Overly Restrictive Account Lockout Mechanism) weakness class, with AI-generated analysis.

CWE-645 is an availability weakness: the account lockout mechanism is so strict that it is trivially triggered. An attacker repeatedly submits wrong passwords for a victim's account, trips the lockout policy, and the legitimate user is locked out, which is a denial of service against that user. Developers should avoid a very low failure threshold or a very long lockout window, and should add supplementary measures such as CAPTCHA, progressive delays, or IP-based rate limiting to balance security against usability. Note that keying the counter on the client IP alone is not sufficient either: an attacker with many source addresses can spread the attempts out, so the counter should be keyed on the (client IP, account) pair, with the per-account limit set far higher than the per-pair one.

MITRE CWE official description
CWE-645 Overly Restrictive Account Lockout Mechanism: The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out. Account lockout is a security feature often present in applications as a countermeasure to brute-force attacks on the system's password-based authentication mechanism. After a certain number of failed login attempts, the user's account may be disabled for a certain period of time or until it is unlocked by an administrator. Other security events may also possibly trigger account lockout. However, an attacker may use this very security feature to deny service to legitimate system users. It is therefore important to ensure that the account lockout security mechanism is not overly restrictive.
Common consequences (1)
Availability: DoS: Resource Consumption (Other)
Users could be locked out of accounts.
Mitigations (3)
Architecture and Design: Implement more intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.
Architecture and Design: Implement a lockout timeout that grows as the number of incorrect login attempts goes up, eventually resulting in a complete lockout.
Architecture and Design: Consider alternatives to account lockout that would still be effective against password brute force attacks, such as presenting the user machine with a puzzle to solve (makes it do some computation).
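The three mitigations above, combined in one added Python example that is not part of MITRE's entry or of this site. A fixed per-account lockout (the CWE-645 pattern) is shown beside a throttle keyed on the (client IP, account) pair with a doubling wait and a high hard limit, and both are run through the auction scenario from MITRE's observed example: a rival fails three times as the highest bidder, then the real owner logs in. The credential store, IP addresses, thresholds and the `auction_scenario` helper are constructed for the demo.

```python
"""CWE-645: a fixed per-account lockout next to an IP-aware, backoff-based throttle."""
import hmac
from collections import defaultdict

# Constructed credential store for the demo; a real system stores salted password hashes.
USERS = {"highbidder": "correct horse battery staple"}


def check_password(username, password):
    stored = USERS.get(username)
    if stored is None:
        return False
    # Constant-time comparison of the supplied password against the stored one.
    return hmac.compare_digest(stored.encode(), password.encode())


class FixedLockout:
    """The CWE-645 pattern: failures are counted per account name only, from any
    source, and a low threshold freezes the account for a fixed window."""

    def __init__(self, max_failures=3, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)   # username -> consecutive failures
        self.locked_until = {}             # username -> time the lock expires

    def login(self, username, password, client_ip, now):
        if self.locked_until.get(username, 0) > now:
            return "locked"                # the real owner is refused here too
        if check_password(username, password):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
        return "fail"


class BackoffThrottle:
    """The page's mitigations applied together: the counter key includes the client
    IP, the wait after a failure doubles each time (capped), and only a large number
    of failures from the same (ip, username) pair reaches a full lock of that pair.
    Attempts from other addresses are unaffected."""

    def __init__(self, base_delay=1.0, max_delay=300.0, hard_limit=20):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.hard_limit = hard_limit
        self.failures = defaultdict(int)   # (ip, username) -> consecutive failures
        self.retry_after = {}              # (ip, username) -> earliest next attempt

    def login(self, username, password, client_ip, now):
        key = (client_ip, username)
        if self.failures[key] >= self.hard_limit:
            return "locked"                # only this ip/account pair, until an admin reset
        if self.retry_after.get(key, 0) > now:
            return "throttled"             # too early: no password check, no counter change
        if check_password(username, password):
            self.failures[key] = 0
            self.retry_after.pop(key, None)
            return "ok"
        self.failures[key] += 1
        delay = min(self.base_delay * 2 ** (self.failures[key] - 1), self.max_delay)
        self.retry_after[key] = now + delay
        return "fail"


def auction_scenario(policy):
    """Constructed eBay-style attack: a rival fails three times as the highest bidder from
    its own address, then the owner logs in with the correct password from another address.
    Returns (attacker results, owner result)."""
    attacker_ip, owner_ip = "203.0.113.5", "198.51.100.7"    # documentation-range addresses
    t = 0.0
    attacker = []
    for _ in range(3):
        attacker.append(policy.login("highbidder", "guess", attacker_ip, t))
        t += 10.0                                             # attacker waits out any delay
    owner = policy.login("highbidder", USERS["highbidder"], owner_ip, t)
    return attacker, owner


if __name__ == "__main__":
    print("fixed lockout  :", auction_scenario(FixedLockout()))      # owner is "locked"
    print("backoff throttle:", auction_scenario(BackoffThrottle()))  # owner is "ok"
```

Under `FixedLockout` the owner's correct password is refused, which is exactly the denial of service the CWE describes. Under `BackoffThrottle` the attacker's own (IP, account) pair is slowed down and eventually locked, while the owner's login from a different address succeeds; the per-pair hard limit is what the second mitigation's "eventually resulting in a complete lockout" looks like without handing the attacker a lever against the victim.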
Example (1)
A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder's account for some time. An attacker could th…
CVE ID          Title                                                        Affected product                          CVSS  Severity  Published
CVE-2026-25907  Dell PowerScale OneFS security vulnerability                 PowerScale OneFS                          5.3   Medium    2026-03-04
CVE-2025-5241   Mitsubishi Electric MELSEC iQ-F Series security vulnerability  MELSEC iQ-F Series FX5U-32MT/ES         5.3   Medium    2025-07-11
CVE-2025-31947  Mattermost security vulnerability                            Mattermost                                5.8   Medium    2025-05-15
CVE-2024-37028  F5 BIG-IP Next Central Manager security vulnerability        BIG-IP Next Central Manager               5.3   Medium    2024-08-14
CVE-2024-1722   Red Hat Keycloak security vulnerability                      -                                         3.7   Low       2024-02-27
CVE-2023-4346   KNX Connection Authorization security vulnerability          KNX Protocol Connection Authorization Option 1  7.5   High      2023-08-29

CWE-645 (Overly Restrictive Account Lockout Mechanism) is a common weakness class; this site lists 6 CVEs associated with it.