20 matches found

Snyk
added 2026/01/28 4:33 p.m. · 0 views

Malicious Package

Overview: @umreg/zxcvbn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 3:55 a.m. · 5 views

CVE-2023-34109

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 7.5 · AI score 6.8 · EPSS 0.00214
Exploits: 0 · References: 1

Veracode
added 2023/06/20 7:17 a.m. · 19 views

Denial Of Service (DoS)

The zxcvbn-ts password strength estimator is vulnerable to denial of service (DoS). The vulnerability is due to not restricting user-supplied input to a maximum value. This leads to unbounded resource consumption resulting in a nodejs crash...

CVSS 7.5 · AI score 6.7 · EPSS 0.00214
Exploits: 0 · References: 2 · Affected Software: 3

NVD
added 2023/06/07 6:15 p.m. · 10 views

CVE-2023-34109

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 7.5 · AI score 6.7 · EPSS 0.00214
Exploits: 0 · References: 2

Prion
added 2023/06/07 6:15 p.m. · 17 views

Design/Logic Flaw

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 5 · AI score 7.5 · EPSS 0.00214
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/06/07 5:11 p.m. · 48 views

CVE-2023-34109

CVE-2023-34109 — zxcvbn-ts (core) resource exhaustion: Affects zxcvbn-ts on Node.js when using the second argument of the zxcvbn function, where the inputs array can grow unbounded with each call, leading to potential DoS. Public advisories indicate the issue impacts both Node.js and browsers, a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00214
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/06/07 5:11 p.m. · 40 views

CVE-2023-34109 User input results in Unbounded resource consumption in @zxcvbn-ts/core

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 6.5 · AI score 7.5 · EPSS 0.00214
Exploits: 0 · References: 4

Cvelist
added 2023/06/07 5:11 p.m. · 12 views

CVE-2023-34109 User input results in Unbounded resource consumption in @zxcvbn-ts/core

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 6.5 · AI score 7.7 · EPSS 0.00214
Exploits: 0 · References: 2

Vulnrichment
added 2023/06/07 5:11 p.m. · 8 views

CVE-2023-34109 User input results in Unbounded resource consumption in @zxcvbn-ts/core

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 6.5 · AI score 7.5 · EPSS 0.00214
Exploits: 0 · References: 2

CNNVD
added 2023/06/07 12:0 a.m. · 2 views

zxcvbn-ts Resource Management Error Vulnerability

zxcvbn-ts is an open source password strength estimator inspired by password crackers. A resource management error vulnerability exists in versions prior to zxcvbn-ts 3.0.2, which stems from...

CVSS 7.5 · AI score 7.3 · EPSS 0.00214
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/07 12:0 a.m. · 6 views

PT-2023-24680 · Zxcvbn-Ts · Zxcvbn-Ts

Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2 Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...

CVSS 7.5 · AI score 7.4 · EPSS 0.00214
Exploits: 0 · References: 5

vulnersOsv
added 2023/01/31 2:13 p.m. · 2 views

@aaa-backend-stack/file-storage-local (>=1.16.0 <=2.4.4), @aaa-backend-stack/file-storage-s3 (>=1.16.0 <=2.4.4) +591 more potentially affected by unknown CVE via zxcvbn (>=2.0.1 <=4.4.2)

zxcvbn NPM version =2.0.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.0.0, =0.0.9, =1.7.7, =2.0.6, =0.0.5, =1.1.10, =1.16.136 and more Source cves: unknown CVE Source advisory: SNYK:JS-ZXCVBN-3257741...

AI score 5.8
Exploits: 0

Snyk
added 2023/01/31 2:13 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: zxcvbn is a realistic password strength estimation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the repeatmatch functionality, due to the usage of an insecure regex in lazyanchored variable. PoC js const zxcvbn = require"zxcvbn";...

CVSS 5.3 · AI score 6.9
Exploits: 0 · References: 2

OpenVAS
added 2022/07/31 12:0 a.m. · 7 views

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 2

Fedora
added 2022/07/30 2:0 a.m. · 12 views

[SECURITY] Fedora 36 Update: golang-github-nbutton23-zxcvbn-0.1-9.20210110gite56b841.fc36

Zxcvbn password complexity algorithm in golang...

AI score 2
Exploits: 0

OpenVAS
added 2022/07/18 12:0 a.m. · 10 views

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 · AI score 8.9 · EPSS 0.00963
Exploits: 4 · References: 2

Fedora
added 2022/07/17 1:15 a.m. · 16 views

[SECURITY] Fedora 35 Update: golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc35

Zxcvbn password complexity algorithm in golang...

CVSS 9.3 · AI score 2 · EPSS 0.00963
Exploits: 4

OpenVAS
added 2022/07/06 12:0 a.m. · 17 views

Fedora: Security Advisory for golang-github-nbutton23-zxcvbn (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 · AI score 8.9 · EPSS 0.00963
Exploits: 4 · References: 2

Fedora
added 2022/07/04 1:35 a.m. · 13 views

[SECURITY] Fedora 36 Update: golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc36

Zxcvbn password complexity algorithm in golang...

CVSS 9.3 · AI score 8.3 · EPSS 0.00963
Exploits: 4

Hacker One
added 2019/04/19 8:0 p.m. · 66 views

Dropbox: Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack

@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long password to the library, leading to a potential denial of service attack if performed at scale. Given how ZXCVBN is used at Dropbox, we accept the Denial ...

AI score 2.7
Exploits: 0