Lucene search
GitHub Advisory DatabaseGHSA-8V6M-7F5V-HHX6HistoryMay 23, 2024 - 7:37 p.m.
Silverstripe Brute force bypass on default admin
2024-05-2319:37:11
CWE-307
GitHub Advisory Database
github.com
2
silverstripe
brute force
bypass
default admin
login counts
software
unlimited attempts
7.2 High
AI Score
Confidence
Low
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
Affected configurations
Node
silverstripeframeworkRange<3.3.2
ORsilverstripeframeworkRange<3.2.4
ORsilverstripeframeworkRange<3.1.19
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe/framework | lt | 3.3.2 | |
| silverstripe/framework | lt | 3.2.4 | |
| silverstripe/framework | lt | 3.1.19 |
References
7.2 High
AI Score
Confidence
Low