4 matches found
BIT-MINIO-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit
MinIO is a high-performance object storage system. Prior to 2026.03.17, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable username enumeration,...
CVE-2026-33419
MinIO AIStor is vulnerable to LDAP credential brute-forcing via the AssumeRoleWithLDAPIdentity endpoint due to distinguishable error responses enabling username enumeration and the absence of rate limiting. All deployments with LDAP configured are affected. Successful exploitation can yield tempo...
GHSA-JV87-32HW-HH99 MinIO LDAP login brute-force via user enumeration and missing rate limit
Impact What kind of vulnerability is it? Who is impacted? MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable username enumeration, and 2 absence ...
EUVD-2018-11648
Malware in sbrugna...