Veracode Vulnerability DatabaseVERACODE:45530Improper Restriction Of Excessive Authentication Attempts
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
github.com/greenpau/caddy-security is vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). The vulnerability is due to improper 2FA timeout functionality, allowing an attackers to bypass this blocking mechanism by automating the applicationβs full multistep 2FA process.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%