Lucene search
CheckmkCVELIST:CVE-2024-28825HistoryApr 24, 2024 - 11:25 a.m.
CVE-2024-28825 Brute-force protection ineffective for some login methods
2024-04-2411:25:36
CWE-307
Checkmk
www.cve.org
3
cve-2024-28825
brute-force protection
checkmk
authentication methods
password brute-forcing
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.0%
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Checkmk GmbH",
"versions": [
{
"lessThan": "2.3.0b5",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
},
{
"lessThan": "2.2.0p26",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
},
{
"lessThan": "2.1.0p43",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.0p39",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]References
Related
cve
cve
CVE-2024-28825
2024-04-24 12:15:06
nvd
nvd
CVE-2024-28825
2024-04-24 12:15:06
vulnrichment
vulnrichment
CVE-2024-28825 Brute-force protection ineffective for some login methods
2024-04-24 11:25:36
osv
osv
UBUNTU-CVE-2024-28825
2024-09-23 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-28825