3 matches found
rdiffweb's unlimited username field length can lead to DoS
rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length "username" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service DoS. This issue is patched in version 2.4.8. There are no known workarounds...
PT-2022-21561 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.8 Description: The issue is related to improper handling of length parameter inconsistency. It can be exploited via an unlimited length username field, potentially leading to excess memory consumption or memory...
CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a character and can be of unlimited length. An attacker can specify four characters of a username, followed by the character, to bypass access control...