Lucene search

K
githubGitHub Advisory DatabaseGHSA-9GXX-32P7-FF7M
HistoryApr 18, 2023 - 6:30 p.m.

Modoboa has Weak Password Requirements

2023-04-1818:30:29
CWE-521
GitHub Advisory Database
github.com
5
modoboa
weak passwords
security issue
software vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

56.9%

Modoboa 2.0.5 and prior allows users to set unsafe passwords, such as 1 or HACK. This issue is fixed in commit 130257c96a2392ada795785a91178e656e27015c and anticipated to be part of version 2.1.0.

Affected configurations

Vulners
Node
github_advisory_databasemodoboaRange2.0.5
CPENameOperatorVersion
modoboale2.0.5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

56.9%

Related for GHSA-9GXX-32P7-FF7M