Lucene search
CVE-2023-27100
Improper restriction of excessive authentication attempts in SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0
Show more
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2023-27100 | 22 Mar 202323:15 | – | nvd |
 | pfsenseCE v2.6.0 - Anti-brute force protection bypass Exploit | 10 Apr 202300:00 | – | zdt |
 | CVE-2023-27100 | 22 Mar 202300:00 | – | cvelist |
 | CVE-2023-27100 | 22 Mar 202300:00 | – | vulnrichment |
 | Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus | 7 Apr 202307:38 | – | githubexploit |
| Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus | 20 May 202413:35 | – | githubexploit |
 | pfsenseCE 2.6.0 Protection Bypass | 10 Apr 202300:00 | – | packetstorm |
 | Input validation | 22 Mar 202323:15 | – | prion |
 | pfsenseCE v2.6.0 - Anti-brute force protection bypass | 8 Apr 202300:00 | – | exploitdb |
Node
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| __csrf_magic | request body | / | Bypassing anti-brute force protection in pfSense CE by submitting crafted web requests. | CWE-307 |
| usernamefld | request body | / | Bypassing anti-brute force protection in pfSense CE by submitting crafted web requests. | CWE-307 |
| passwordfld | request body | / | Bypassing anti-brute force protection in pfSense CE by submitting crafted web requests. | CWE-307 |
| login | request body | / | Bypassing anti-brute force protection in pfSense CE by submitting crafted web requests. | CWE-307 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo22 Mar 2023 23:15Current
9.5High risk
Vulners AI Score9.5
CVSS39.8
EPSS0.03026
SSVC