Lucene search
K

5 matches found

Snyk
Snyk
added 2025/09/08 9:41 p.m.5 views

Improper Control of Interaction Frequency

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to inefficient built-in IP-based rate limiting in environments with CDNs, proxies or load balancers. An attacker can...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2025/09/08 9:11 p.m.28 views

CVE-2025-57815

CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/09/08 8:45 p.m.6 views

Brute Force

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...

6.5CVSS7AI score0.00277EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/08 8:45 p.m.15 views

Fides has a Lack of Brute-Force Protections on Authentication Endpoints

Summary The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...

6.5CVSS7.1AI score0.00277EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/09/08 8:5 p.m.3 views

Insufficient Session Expiration

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the insufficient session management. The authentication system validates tokens based on their cryptographic integrity and...

6.3CVSS6.6AI score0.00275EPSS
Exploits1References2
Rows per page
Query Builder