2 matches found
CVE-2020-11052
Summary: CVE-2020-11052 describes a brute-force vulnerability in Sorcery prior to 0.15.0 related to password authentication. The built-in brute-force protection submodule would block attempts for a defined lockout period, but after expiry the protection is not re-enabled automatically unless a su...
CVE-2020-11052 Improper Restriction of Excessive Authentication Attempts in Sorcery
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...