Lucene search
GoogleOSV:CVE-2016-3084HistoryMay 25, 2017 - 5:29 p.m.
CVE-2016-3084
2017-05-2517:29:00
Google
osv.dev
5
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cf-release | eq | 198 | |
| cf-release | eq | 91 | |
| cf-release | eq | 1.5.3 | |
| cf-release | eq | 112 | |
| cf-release | eq | rc145.0 | |
| cf-release | eq | 1.5.4.1 | |
| cf-release | eq | 228 | |
| cf-release | eq | 8 | |
| cf-release | eq | 120 | |
| cf-release | eq | 1.0.1 |
References
Related
cloudfoundry
cloudfoundry
CVE-2016-3084 UAA Password Reset Vulnerability | Cloud Foundry
2016-05-23 00:00:00
cvelist
cvelist
CVE-2016-3084
2017-05-25 17:00:00
cve
cve
CVE-2016-3084
2017-05-25 17:29:00
osv
osv
Cloud Foundry UAA reset password vulnerable to brute force attack
2022-05-13 01:07:24
nvd
nvd
CVE-2016-3084
2017-05-25 17:29:00
prion
prion
Default credentials
2017-05-25 17:29:00
github
github
Cloud Foundry UAA reset password vulnerable to brute force attack
2022-05-13 01:07:24