Lucene search

CheckmkCVELIST:CVE-2024-28833

HistoryJun 10, 2024 - 11:55 a.m.

CVE-2024-28833 Missing brute-force protection for two factor authentication

2024-06-1011:55:50

CWE-307

Checkmk

www.cve.org

cve-2024-28833

missing brute-force protection

two factor authentication

checkmk 2.3

excessive authentication attempts

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.3.0p6",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      }
    ]
  }
]

References

checkmk.com/werk/16830

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2024-28833