4 matches found
CVE-2021-33563
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier...
CVE-2021-34064
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-33563. Reason: This candidate is a duplicate of CVE-2021-33563. Notes: All CVE users should reference CVE-2021-33563 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2021-33563
Koel prior to 5.1.4 is affected by an authentication weakness: no login throttling, no minimum password strength policy, and failure messages indicate whether a username is valid. Red Hat/CVE and OSV entries echo the same Description. Impact is described as facilitating brute-force attempts; no e...
CVE-2021-34064
CVE-2021-34064 is a duplicate of CVE-2021-33563 and should reference that entry. Connected data show Koel before 5.1.4 is affected: it lacks login throttling and a password strength policy, and reveals whether a failed login attempt used a valid username. This combination may facilitate brute-for...