PRIOn knowledge base: PRION:CVE-2023-34243
History: Jun 08, 2023 - 10:15 p.m.

Code injection

Published: 2023-06-08 22:15:00
Source: PRIOn knowledge base (www.prio-n.com)

Tags: code injection, windows user, brute-forcing, login endpoint, vulnerability patch, security upgrade, api rate-limiting

AI Score: 5.2 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 30.6%)

TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password: when a valid Windows logon name was submitted, the server generated a distinct response. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade can mitigate the issue by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline, such as fail2ban.
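The flaw described above is a username-enumeration oracle: the login endpoint answers differently for "account exists, wrong password" than for "account does not exist". The following added example is not tgstation-server code (TGS is a C# project and its real authentication path is not reproduced here); it is a small Python illustration of the two defensive points the advisory raises, namely making the failure response uniform for both cases and putting a request rate limit in front of the endpoint. The user store, salt and client identifiers are constructed for the example, and `SlidingWindowLimiter` is a stand-in for a front-of-pipeline tool such as fail2ban, not an implementation of it.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed user store for the example (not TGS's schema): username -> PBKDF2 hash.
# A static salt is used only to keep the example short; real stores use a per-user salt.
_SALT = b"constructed-example-salt"


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


USERS = {"alice": _hash("correct horse")}

# Hash that unknown usernames are compared against, so the unknown-user path
# performs the same work as the wrong-password path (no timing split either).
_DUMMY_HASH = _hash("dummy-password-never-valid")


def leaky_login(username: str, password: str) -> tuple[int, str]:
    """Flawed pattern: the status and body reveal whether the account exists."""
    if username not in USERS:
        return 404, "unknown user"
    if hmac.compare_digest(USERS[username], _hash(password)):
        return 200, "ok"
    return 401, "bad password"


def uniform_login(username: str, password: str) -> tuple[int, str]:
    """Hardened pattern: unknown user and wrong password are indistinguishable.

    The stored hash is looked up with a dummy fallback, the password hash is always
    computed, and the comparison is constant-time, so neither the response nor the
    amount of work done depends on whether the username is registered.
    """
    stored = USERS.get(username, _DUMMY_HASH)
    password_matches = hmac.compare_digest(stored, _hash(password))
    if password_matches and username in USERS:
        return 200, "ok"
    return 401, "invalid credentials"


class SlidingWindowLimiter:
    """Per-client sliding-window rate limit for the login endpoint.

    Stand-in for the HTTP-pipeline control the advisory recommends (fail2ban or
    similar); it keeps the timestamps of recent allowed attempts per client.
    """

    def __init__(self, max_attempts: int, window_seconds: float) -> None:
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._attempts: dict[str, deque[float]] = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        """Return True if the client may attempt a login at time `now`."""
        recent = self._attempts[client]
        cutoff = now - self.window
        # Drop attempts that have aged out of the window.
        while recent and recent[0] <= cutoff:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True


def guarded_login(limiter: SlidingWindowLimiter, client: str, now: float,
                  username: str, password: str) -> tuple[int, str]:
    """Rate limit first, then the uniform handler; 429 carries no account information."""
    if not limiter.allow(client, now):
        return 429, "too many requests"
    return uniform_login(username, password)


if __name__ == "__main__":
    print("leaky, unknown user   :", leaky_login("bob", "x"))
    print("leaky, wrong password :", leaky_login("alice", "x"))
    print("uniform, unknown user :", uniform_login("bob", "x"))
    print("uniform, wrong passwd :", uniform_login("alice", "x"))
    lim = SlidingWindowLimiter(max_attempts=3, window_seconds=60)
    for t in range(5):
        print("attempt at t=%d ->" % t, guarded_login(lim, "198.51.100.7", t, "bob", "x"))
```

The observable difference is the whole point: `leaky_login` returns 404 for a missing account and 401 for a bad password, so an attacker probing with any invalid password learns which usernames exist, exactly the oracle the advisory describes. `uniform_login` returns the same 401 body in both cases and does the same hashing work, while `guarded_login` shows the advisory's interim mitigation of limiting attempts per client before the handler is even reached.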
