Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page.
The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
|Name||Vendor||Start Version||End Version|
Common protection mechanisms include:
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]
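The control whose absence is described above, as an added example (not code from this page or from the vendor): a per-account limit on failed logins inside a time window, followed by a temporary lockout. The names `LoginThrottle` and `attempt_login`, the thresholds and the `verify` callable are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account sliding-window limit on failed logins with temporary lockout."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0, clock=time.monotonic):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds an account stays locked
        self.clock = clock                   # injectable so the logic can be tested
        self._failures = defaultdict(deque)  # account -> timestamps of failures
        self._locked_until = {}              # account -> time the lock expires

    def retry_after(self, account):
        """Seconds until another attempt is accepted; 0.0 means allowed now."""
        remaining = self._locked_until.get(account, 0.0) - self.clock()
        return max(0.0, remaining)

    def record(self, account, success):
        """Record the outcome of a credential check that was allowed to run."""
        now = self.clock()
        if success:
            self._failures.pop(account, None)
            self._locked_until.pop(account, None)
            return
        attempts = self._failures[account]
        attempts.append(now)
        while attempts and now - attempts[0] > self.window:
            attempts.popleft()               # forget failures older than the window
        if len(attempts) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            attempts.clear()


def attempt_login(throttle, account, password, verify):
    """Gate a credential verifier (hypothetical callable) behind the throttle."""
    if throttle.retry_after(account) > 0:
        return "locked"                      # refuse before the password is checked
    ok = verify(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"
```

Failures are counted for whatever account name is submitted, whether or not it exists, so the response does not reveal which names are valid. A per-account lock can itself be used to lock a legitimate user out, so it is normally paired with a per-source limit.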