Lucene search
Veracode Vulnerability DatabaseVERACODE:40296HistoryApr 26, 2023 - 1:12 p.m.
Improper Authentication
2023-04-2613:12:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
calibreweb web.py file bruteforcing software security vulnerability restrictions authentication takeover
EPSS
0.002
Percentile
61.7%
calibreweb is vulnerable to Improper Authentication. The vulnerability exists in the login function of web.py file, which allows a remote attacker to takeover the account by bruteforcing due to improper restriction of excessive authentication attempts.
References
github.com/advisories/GHSA-jg8w-wgx2-g7q4
github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
github.com/janeczku/calibre-web/commit/ae3e3559b86efc03f19dba0e6dc930304bf63e46
huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0
huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0/
Related
github
github
Improper Restriction of Excessive Authentication Attempts in calibreweb
2023-04-15 15:30:15
osv
osv
CVE-2022-2525
2023-04-15 13:15:44
Improper Restriction of Excessive Authentication Attempts in calibreweb
2023-04-15 15:30:15
nvd
nvd
CVE-2022-2525
2023-04-15 13:15:44
cvelist
cvelist
cve
cve
CVE-2022-2525
2023-04-15 13:15:44
huntr
huntr
Improper Restriction of Excessive Authentication Attempts in login feature
2022-06-01 05:25:00
prion
prion
Input validation
2023-04-15 13:15:00