4 matches found
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded concurrent unauthenticated WebSocket upgrades before session authentication. An attacker can exhaust socket and worker...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the onboard-remote.ts process. An attacker can gain unauthorized access to gateway credentials and potentially intercept sensitive traffic by leveraging a...
Brute Force
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction, potentially allowing the...
Weak Password Requirements
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending numerous authentication...