An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
[
{
"product": "Synology CardDAV Server",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "before 6.0.7-0085"
}
]
}
]