GHSA-7q4r-x5qg-mmcp: rdiffweb has no rate limit on resend email feature

rdiffweb prior to 2.5.5 has no rate limit on the “resend email” feature when enabling or disabling 2FA from the /prefs/mfa endpoint.


Moderate severity • GitHub Reviewed • Published Dec 27, 2022 • Updated Dec 30, 2022

Related news

CVE-2022-4723: Ratelimit "Resend code to my email" in Two-Factor Authentication view · ikus060/rdiffweb@6e9ee21

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5.
