Security
Headlines

Headlines Latest CVEs

Headline

GHSA-8wxf-c45w-g66g: rdiffweb vulnerable to password complexity bypass leading to weak passwords

ikus060/rdiffweb prior to 2.4.9 allows a user to set there password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords. This issue has been fixed in version 2.4.9. No workarounds are known to exist.

2 years ago

rdiffweb vulnerable to password complexity bypass leading to weak passwords

Moderate severity GitHub Reviewed Published Sep 30, 2022 • Updated Oct 1, 2022

Related news

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

2 years ago

ghsa: Latest News

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

22 minutes ago

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

2 hours ago

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

3 hours ago

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

5 hours ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

5 hours ago