A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force protections and enabling continued password guessing against a targeted account.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to Delphix Continuous Data version 2026.4.0.0
Workaround
No workaround given by the vendor.
References
History
Thu, 16 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force protections and enabling continued password guessing against a targeted account. | |
| Title | Improper Restriction of Excessive Authentication Attempts in Delphix Continuous Data | |
| Weaknesses | CWE-307 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Perforce
Published:
Updated: 2026-07-16T14:54:33.736Z
Reserved: 2026-06-30T14:40:32.730Z
Link: CVE-2026-14254
Updated: 2026-07-16T14:54:29.903Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses