3 matches found
CVE-2023-47111
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
CVE-2023-47111 ZITADEL race condition in lockout policy execution
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
CVE-2023-47111
CVE-2023-47111 describes a race condition in ZITADEL’s lockout policy: an attacker could initiate multiple parallel password checks, enabling more attempts than the policy allows. The issue affects ZITADEL’s identity infrastructure and relates to the handling of failed password checks within the ...