Lucene search
HistoryApr 24, 2024 - 12:15 p.m.
CVE-2024-28825
cve-2024-28825
authentication
checkmk
brute-forcing
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
9.0%
Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.
References
Related
cve
cve
CVE-2024-28825
2024-04-24 12:15:06
cvelist
cvelist
CVE-2024-28825 Brute-force protection ineffective for some login methods
2024-04-24 11:25:36
vulnrichment
vulnrichment
CVE-2024-28825 Brute-force protection ineffective for some login methods
2024-04-24 11:25:36
osv
osv
UBUNTU-CVE-2024-28825
2024-09-23 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-28825