EPSS Percentile: 59.6%
rdiffweb is vulnerable to authentication bypass. The vulnerability is due to the lack of a rate limit on the user login feature, which allows an attacker to brute-force the login page and access the previous user sessions.
github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
github.com/ikus060/rdiffweb/releases/tag/2.5.0a5
huntr.dev/bounties/37b86c45-b240-4626-bd53-b6f02d10e0d7