SYM_CS_0010 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Restriction of Excessive Authentication Attempts

| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-307: Improper Restriction of Excessive Authentication Attempts |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
## Description
The account lockout feature is disabled or not properly configured in your authentication logic, allowing unlimited failed login attempts. This makes it easy for attackers to repeatedly guess passwords without being blocked.
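As an added illustration (not code from the Symbiotic database), the weak and corrected forms of this misconfiguration in ASP.NET Core Identity, side by side. The `IdentityOptions.Lockout` settings and the `SignInManager.PasswordSignInAsync` call are the real Identity APIs; `AppUser`, `LoginHandler` and the two registration methods are assumed names, and a user store (for example `AddEntityFrameworkStores`) still has to be attached for the registration to work at runtime.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public class AppUser : IdentityUser { }   // assumed application user type

public static class LockoutConfig
{
    // Weak: new accounts are created with lockout disabled, so Identity never
    // locks them no matter how many guesses fail (the CWE-307 condition).
    public static void Weak(IServiceCollection services)
    {
        services.AddIdentity<AppUser, IdentityRole>(options =>
        {
            options.Lockout.AllowedForNewUsers = false;
        });
    }

    // Hardened: lockout applies to every new user, is bounded to a small number
    // of failures and unlocks automatically after a cool-down period.
    public static void Hardened(IServiceCollection services)
    {
        services.AddIdentity<AppUser, IdentityRole>(options =>
        {
            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 5;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
        });
    }
}

public class LoginHandler   // assumed login handler wrapping SignInManager
{
    private readonly SignInManager<AppUser> _signIn;
    public LoginHandler(SignInManager<AppUser> signIn) => _signIn = signIn;

    // Weak: lockoutOnFailure:false means failed attempts are not counted, so
    // even a correctly configured Lockout section has no effect on this path.
    public Task<SignInResult> WeakLogin(string user, string password) =>
        _signIn.PasswordSignInAsync(user, password, isPersistent: false, lockoutOnFailure: false);

    // Hardened: failures are counted; once the limit is hit the result has
    // IsLockedOut set, which the caller should log and map to the same generic
    // error as a wrong password so the response does not reveal account state.
    public Task<SignInResult> HardenedLogin(string user, string password) =>
        _signIn.PasswordSignInAsync(user, password, isPersistent: false, lockoutOnFailure: true);
}
```

Both halves have to be right: the `Lockout` options only matter when the sign-in path passes `lockoutOnFailure: true`, and that flag only matters when the user's lockout is enabled.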
## Impact
If exploited, attackers can use automated tools to perform brute-force attacks and potentially compromise user accounts. This can lead to unauthorized access, data breaches, and reputational damage to your application or organization.