GitHub Advisory Database: GHSA-8V6M-7F5V-HHX6
May 23, 2024 - 7:37 p.m.

Silverstripe Brute force bypass on default admin

2024-05-23 19:37:11
CWE-307
GitHub Advisory Database
github.com
silverstripe
brute force
bypass
default admin
login counts
software
unlimited attempts

AI Score: 7.2 High (Confidence: Low)

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins, resulting in unlimited attempts on the default admin username and password.

Affected configurations

Vulners node:
silverstripe framework, range < 3.3.2
OR
silverstripe framework, range < 3.2.4
OR
silverstripe framework, range < 3.1.19
