Lucene search
PRIOn knowledge basePRION:CVE-2016-3084HistoryMay 25, 2017 - 5:29 p.m.
Default credentials
2017-05-2517:29:00
PRIOn knowledge base
www.prio-n.com
2
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloud_foundry_uaa_bosh | le | 10 | |
| cloud_foundry | le | 236 | |
| cloud_foundry_elastic_runtime | le | 1.7.1 | |
| cloud_foundry_uaa | le | 3.3.0 |
References
Related
github
github
Cloud Foundry UAA reset password vulnerable to brute force attack
2022-05-13 01:07:24
cve
cve
CVE-2016-3084
2017-05-25 17:29:00
osv
osv
Cloud Foundry UAA reset password vulnerable to brute force attack
2022-05-13 01:07:24
CVE-2016-3084
2017-05-25 17:29:00
nvd
nvd
CVE-2016-3084
2017-05-25 17:29:00
cloudfoundry
cloudfoundry
CVE-2016-3084 UAA Password Reset Vulnerability | Cloud Foundry
2016-05-23 00:00:00
cvelist
cvelist
CVE-2016-3084
2017-05-25 17:00:00