2 matches found
Brute Force
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Brute Force in the authentication process. An attacker can bypass rate limiting by supplying a fake DeviceToken, allowing repeated authentication attempts without triggering shared rate...
GHSA-6P8R-6M93-557F OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting
Summary Fake DeviceToken Bypasses Shared Auth Rate Limiting Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Real in shipped mixed WS auth flow, but practical risk is mostly weak shared-password deployments since strong shared tokens remain non-bruteforceable...