2 matches found
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...
CVE-2021-41171
CVE-2021-41171 affects eLabFTW prior to 4.1.0. The issue allows bypassing brute-force protection by using forged PHPSESSID values in the HTTP Cookie header, enabling login bypass as described in multiple sources. Remediation is to upgrade to version 4.1.0 (upstream rate limiting is a valid option...