5 matches found
com.antonyudin.wildfly.security:ay-securityrealm-ejb (=1.0), org.jboss.as:hal-testsuite-basic (=0.0.6) +13 more potentially affected by CVE-2025-23368 via org.wildfly.core:wildfly-elytron-integration (>=10.0.0.Beta1 <=9.0.2.Final)
org.wildfly.core:wildfly-elytron-integration MAVEN version =10.0.0.Beta1, =5.0.0.Alpha6, =3.0.0.Beta17, =5.0.0.Alpha6, =3.0.0.Beta17, =13.0.0.Beta1, =5.0.0.Alpha6, =3.0.0.Beta22, =25.0.0.Final, =25.0.0.Final, =25.0.0.Final, =27.0.0.Alpha2, =27.0.0.Final, =27.0.1.Final Source cves: CVE-2025-23368...
CVE-2025-23368
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
CVE-2025-23368 Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
CVE-2025-23368
CVE-2025-23368 relates to the Wildfly Elytron integration exposing a brute-force risk for CLI authentication. Red Hat’s advisory RHSA-2026:18059 (and CVE-2025-23368‑specific RHSA-2026:18059-CVE-2025-23368) fixes this in Red Hat JBoss Enterprise Application Platform 8.1.6 and WildFly Core updates....
CVE-2025-23368
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Mitigation The effectiveness of an attack will also be...