PT-2024-10884 · Netiq · Netiq Advance Authentication

Published: 2024-08-27 · Updated: 2024-09-13 · CVE-2021-22530

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1

Description: NetIQ Advance Authentication does not enforce account lockout when a brute-force attack is performed against its API-based login. A successful attack may lead to user account compromise, and a sustained one may degrade server performance.

Recommendations: For versions prior to 6.3.5.1, update to version 6.3.5.1 to resolve the issue. As a temporary workaround, implement additional controls that limit failed authentication attempts on the API-based login. Restrict access to the API endpoint to minimize the risk of exploitation. Avoid using the API-based login until the issue is resolved by updating to the recommended version.
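A per-account lockout gate of the kind the workaround calls for, placed in front of an API login handler. This is an added example and not NetIQ's code; the user store, thresholds and injected clock are constructed assumptions.

```python
"""Account-lockout gate for an API-based login endpoint (added example)."""
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 5        # failed attempts tolerated inside the window (assumed)
WINDOW_SECONDS = 300    # sliding window in which failures are counted (assumed)
LOCKOUT_SECONDS = 900   # how long an account stays locked (assumed)

# Constructed credential store; hypothetical values, not from the advisory.
USERS = {"alice": "correct-horse", "bob": "battery-staple"}


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0                     # epoch seconds; 0 = not locked


class ApiLoginGate:
    """Enforces lockout before the credential is even evaluated."""

    def __init__(self) -> None:
        self._state: dict[str, AccountState] = {}

    def login(self, username: str, password: str, now: float) -> str:
        st = self._state.setdefault(username, AccountState())
        # Refuse early while locked: a correct password does not bypass lockout.
        if now < st.locked_until:
            return "locked"
        # Forget failures that have fallen out of the sliding window.
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS]
        # Compare in constant time; unknown users compare against "".
        expected = USERS.get(username, "")
        ok = username in USERS and hmac.compare_digest(password, expected)
        if ok:
            st.failures.clear()
            return "ok"
        st.failures.append(now)
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures.clear()
            return "locked"
        return "denied"
```

Failures are counted per account rather than per source address, so a distributed attempt against one account still trips the lock.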

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Improper Locking

Related Identifiers

CVE-2021-22530

Affected Products

Netiq Advance Authentication