Home/CWE/Improper Restriction of Excessive Authentication Attempts
Weakness

Improper Restriction of Excessive Authentication Attempts

CWE-307 · Base · Draft

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-1390 · Weak Authentication
ChildOfCWE-287 · Improper Authentication
ChildOfCWE-799 · Improper Control of Interaction Frequency

Attack Patterns (CAPEC)

7
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-16Dictionary-based Password Attack
CAPEC-49Password Brute Forcing
CAPEC-560Use of Known Domain Credentials
CAPEC-565Password Spraying
CAPEC-600Credential Stuffing
CAPEC-652Use of Known Kerberos Credentials
CAPEC-653Use of Known Operating System Credentials

CVEs With This Weakness

693
A sample of the 693 CVEs tagged with this weakness.
CVECVE-2026-7820
CVECVE-2026-7671
CVECVE-2026-7255
CVECVE-2026-6947
CVECVE-2026-45010
CVECVE-2026-44195
CVECVE-2026-43914
CVECVE-2026-41893
CVECVE-2026-41213
CVECVE-2026-41037
CVECVE-2026-40586
CVECVE-2026-40485

Nuclei Scanner Templates

1
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalTiki Wiki CMS GroupWare - Authentication Bypass
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin