GoogleOSV:GHSA-7942-2FX8-QHPFRaneto v0.17.0 employs weak password complexity requirements
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
58.5%
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities.
References
raneto.com
cwe.mitre.org/data/definitions/521.html
gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144
github.com/gilbitron/Raneto/releases
github.com/ryanlelek/Raneto
github.com/ryanlelek/Raneto/commit/55e442c9bc67b845094e14ceb228e95c639595be
github.com/ryanlelek/Raneto/pull/370
github.com/ryanlelek/Raneto/releases/tag/0.17.1
nvd.nist.gov/vuln/detail/CVE-2022-35143
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
58.5%