Headline

GHSA-9g3v-v24q-jj5p: rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks

rdiffweb prior to 2.5.0a4 does not have a rate limit to prevent attackers attempting brute force attacks to guess passwords. Version 2.5.0a4 limits the number of incorrect password attempts.

2 years ago

ghsa

Open in Source

#web #git

GitHub Advisory Database
GitHub Reviewed
CVE-2022-3273

rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks

Low severity GitHub Reviewed Published Oct 6, 2022 • Updated Oct 6, 2022

Package

pip rdiffweb (pip)

Affected versions

< 2.5.0

Description

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

2 years ago

CVE

Open in Source

#web #git #ldap #auth #ssh

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

23 hours ago

ghsa

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

1 day ago

ghsa

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

1 day ago

ghsa

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

1 day ago

ghsa

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

1 day ago

ghsa

Headline

GHSA-9g3v-v24q-jj5p: rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks

Related news

ghsa: Latest News