CWE-307: Improper Restriction of Excessive Authentication Attempts
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Note: An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account using a brute force attack.
Potential Mitigations
Phase: Architecture and Design
Description: Common protection mechanisms include: disconnecting the user after a small number of failed attempts; implementing a timeout; locking out a targeted account; requiring a computational task on the user's part.
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description: Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator.
Caveat: each mechanism has a trade-off. Hard account lockout lets an attacker deny service to a victim by deliberately failing logins against that account, and throttling keyed only on the client address is defeated by spreading guesses across many sources. Throttle on both the account and the source, prefer increasing delays over permanent locks where a denial-of-service is a concern, and evaluate the throttle before the credential is verified so a refused attempt reveals nothing about the guess.
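The following is an added example, not text or code from the CWE entry. It places the weakness (a login that evaluates every guess, as in the observed examples where the product neither disconnects nor times out after repeated failures) beside a throttled login that applies the mitigations listed above: a per-account counter with an increasing delay after a few failures, a hard lock past a threshold, and a separate per-source counter that is only delayed, never locked. The class and function names, the credential store, the policy numbers (3 free attempts, 1 s base delay doubling to a 300 s cap, lock at 10 failures) and the sample username are all assumptions made for the example; the password hashing uses PBKDF2 with a deliberately low round count so it runs quickly.

```python
"""Added example: an unthrottled login beside a throttled one (not CWE-307 text)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

PBKDF2_ROUNDS = 50_000  # kept low so the demo runs quickly; use far more in production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed credential store for the demo: username -> (salt, PBKDF2 hash).
_SALT = os.urandom(16)
USERS: Dict[str, tuple] = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}


def password_matches(user: str, password: str) -> bool:
    """Constant-time check; unknown users still cost one hash so timing does not reveal them."""
    salt, expected = USERS.get(user, (bytes(16), bytes(32)))
    return hmac.compare_digest(_hash(password, salt), expected) and user in USERS


def login_unthrottled(user: str, password: str) -> bool:
    """The CWE-307 pattern: every guess is evaluated, so the caller can try as many as it likes."""
    return password_matches(user, password)


@dataclass
class _Counter:
    failures: int = 0
    unlock_at: float = 0.0  # attempts are refused while clock() < unlock_at


@dataclass
class AuthThrottle:
    """Per-account and per-source throttle: exponential backoff, then a hard account lock.

    The policy numbers are assumptions chosen for this example, not values from CWE-307:
    - failures beyond `free_attempts` impose base_delay * 2**n seconds, capped at max_delay
    - `lockout_after` failures lock the account until some out-of-band unlock clears it
    - a source (e.g. client IP) is only backed off, never locked, so one attacker
      cannot permanently block a shared address
    """
    free_attempts: int = 3
    base_delay: float = 1.0
    max_delay: float = 300.0
    lockout_after: int = 10
    clock: Callable[[], float] = time.monotonic  # injectable for deterministic tests
    accounts: Dict[str, _Counter] = field(default_factory=dict)
    sources: Dict[str, _Counter] = field(default_factory=dict)

    def _refusal(self, c: _Counter, lockable: bool) -> Optional[str]:
        if lockable and c.failures >= self.lockout_after:
            return "locked"
        if self.clock() < c.unlock_at:
            return "backoff"
        return None

    def _record_failure(self, c: _Counter) -> None:
        c.failures += 1
        extra = c.failures - self.free_attempts
        if extra >= 0:
            c.unlock_at = self.clock() + min(self.base_delay * 2 ** extra, self.max_delay)

    def login(self, user: str, password: str, source: str) -> str:
        """Returns 'ok', 'denied', 'backoff' or 'locked'. Map the last three to one generic
        client-facing message; the distinct codes are for logging and tests."""
        acct = self.accounts.setdefault(user, _Counter())
        src = self.sources.setdefault(source, _Counter())
        # Decide refusal BEFORE verifying, so a refused attempt neither spends a hash
        # nor tells the caller whether the guess would have been correct.
        refusal = self._refusal(acct, lockable=True) or self._refusal(src, lockable=False)
        if refusal:
            return refusal
        if password_matches(user, password):
            acct.failures, acct.unlock_at = 0, 0.0  # success resets the account counter only
            return "ok"
        self._record_failure(acct)
        self._record_failure(src)
        return "denied"
```

With the default policy, three wrong guesses against one account put it into a 1 s backoff during which even the correct password is refused, the delay doubles with every further failure, and the tenth failure locks the account for every source; a second account attempted from the same backed-off source is also refused, which is what stops a scanner from simply rotating usernames. A successful login resets only the account counter, so a source that has been guessing against many accounts stays throttled.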
Detection Methods
Method: Dynamic Analysis with Automated Results Interpretation
Effectiveness: High
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: High
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Automated Static Analysis
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: High
Observed Examples
Reference: CVE-2019-0039
The REST API for a network OS has a high limit for the number of connections, allowing brute force password guessing.
Reference: CVE-1999-1152
Product does not disconnect or timeout after multiple failed logins.
Reference: CVE-2001-1291
Product does not disconnect or timeout after multiple failed logins.
Reference: CVE-2001-0395
Product does not disconnect or timeout after multiple failed logins.
Reference: CVE-2001-1339
Product does not disconnect or timeout after multiple failed logins.
Reference: CVE-2002-0628
Product does not disconnect or timeout after multiple failed logins.
Reference: CVE-1999-1324
User accounts not disabled when they exceed a threshold; possibly a resultant problem.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
Applicable Platforms
Languages
Class: Not Language-Specific (Prevalence: Undetermined)
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name | Mapping Fit |
|---|---|---|---|
| PLOVER | AUTHENT.MULTFAIL | Multiple Failed Authentication Attempts not Prevented | - |
| Software Fault Patterns | SFP34 | Unrestricted authentication | - |
Key Information
CWE ID: CWE-307
Abstraction: Base
Structure: Simple
Status: Draft