CWE-645— Overly Restrictive Account Lockout Mechanism
The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.— MITRE CWE catalog
6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-645page 1 of 1
- CVE-2023-4346HIGHCVSS 7.5EG 7.52023-08-29
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices …
- CVE-2024-1722LOWCVSS 3.7EG 3.72024-02-29
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
- CVE-2024-37028MEDIUMCVSS 5.3EG 5.32024-08-14
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-31947MEDIUMCVSS 5.8EG 5.82025-05-15
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures…
- CVE-2025-5241MEDIUMCVSS 5.3EG 5.32025-07-11
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login wi…
- CVE-2026-53982MEDIUMCVSS 6.5EG 6.52026-06-12
Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to…
Map vulnerabilities like CWE-645 to your infrastructure
EchelonGraph correlates every CVE — across CWE-645 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →