Eclipse GlassFish Login Brute Force Vulnerability

Vulnerability

A brute force vulnerability in the login mechanism of Eclipse GlassFish has been identified, affecting versions through 7.0.16. The issue arises from the absence of restrictions on the number of failed login attempts, allowing attackers to repeatedly guess credentials without facing any penalties or delays.
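The control the paragraph above describes as missing, a penalty or delay on repeated failed logins, can be sketched as follows. This is an added example, not GlassFish code or its fix; the class, function names and all thresholds are assumptions chosen for illustration.

```python
# Added illustration, not GlassFish code. Names and thresholds are assumptions.
import time

class LoginThrottle:
    """Counts failed logins per key and answers with a growing delay, then a lockout."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_failures=10,
                 lockout=900.0, forget_after=3600.0, clock=time.monotonic):
        self.free_attempts, self.base_delay = free_attempts, base_delay
        self.max_failures, self.lockout = max_failures, lockout
        self.forget_after, self.clock = forget_after, clock
        self._state = {}  # key -> (failures, last_failure_at, blocked_until)

    def retry_after(self, key):
        """Seconds still to wait for this key; 0.0 means an attempt is allowed."""
        blocked_until = self._state.get(key, (0, 0.0, 0.0))[2]
        return max(0.0, blocked_until - self.clock())

    def record_failure(self, key):
        """Register one failed attempt and return the penalty now in force."""
        now = self.clock()
        count, last, _ = self._state.get(key, (0, now, 0.0))
        if now - last > self.forget_after:   # old failures age out
            count = 0
        count += 1
        if count >= self.max_failures:
            penalty = self.lockout
        elif count > self.free_attempts:     # 1s, 2s, 4s, ... after the free attempts
            penalty = min(self.base_delay * 2 ** (count - self.free_attempts - 1),
                          self.lockout)
        else:
            penalty = 0.0
        self._state[key] = (count, now, now + penalty)
        return penalty

    def record_success(self, key):
        self._state.pop(key, None)

def attempt_login(throttle, user, source, verify):
    """Gate one attempt on the account and on the source address.
    `verify` is a zero-argument callable that checks the submitted password."""
    keys = (("user", user), ("src", source))
    wait = max(throttle.retry_after(k) for k in keys)
    if wait > 0:
        return ("throttled", wait)           # password is not even checked
    if verify():
        # Clear only the account counter, so a login to one account
        # does not wipe the failure history of the source address.
        throttle.record_success(keys[0])
        return ("ok", 0.0)
    return ("denied", max(throttle.record_failure(k) for k in keys))
```

The lockout is temporary and failures age out because a permanent per-account lock would let anyone who knows an account name keep its owner locked out.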

Impact

An attacker who exploits this vulnerability and guesses valid credentials could log in and gain unauthorized access to user accounts or administrative privileges, depending on the roles assigned to the compromised accounts.

Added: Jul 16, 2025, 12:49 PM
Updated: Jul 16, 2025, 12:49 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.