Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2016-9124
HistoryMar 28, 2017 - 2:46 a.m.

CVE-2016-9124

2017-03-2802:46:00
CWE-307
hackerone
www.cve.org

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.

CNA Affected

[
  {
    "product": "Revive Adserver All versions before 3.2.3",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Revive Adserver All versions before 3.2.3"
      }
    ]
  }
]

Related

nvd 1
hackerone 1
cve 1
prion 1
osv 1
openvas 1
nvd
nvd
CVE-2016-9124
2017-03-28 02:59:00
hackerone
hackerone
Revive Adserver: Login page password-guessing attack
2015-10-27 16:47:40
cve
cve
CVE-2016-9124
2017-03-28 02:59:00
prion
prion
Design/Logic Flaw
2017-03-28 02:59:00
osv
osv
CVE-2016-9124
2017-03-28 02:59:00
openvas
openvas
Revive Adserver Multiple Vulnerabilities
2016-10-04 00:00:00

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON
Related for CVELIST:CVE-2016-9124
nvd1hackerone1cve1prion1osv1openvas1