5 matches found
Improper Control of Interaction Frequency
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to inefficient built-in IP-based rate limiting in environments with CDNs, proxies or load balancers. An attacker can...
CVE-2025-57815
CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...
Brute Force
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
Summary The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...
Insufficient Session Expiration
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the insufficient session management. The authentication system validates tokens based on their cryptographic integrity and...