
Smit B. Shah

#17818 of 53,638
15.1 CVSS total
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2017-9961
9.8
2017-03-28
Revive Adserver · Revive Adserver · CVE-2016-9124
**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.3

**Description** The issue allows for password-guessing attacks due to improper restriction of excessive authentication attempts on the login page. A countermeasure has been introduced, including a random delay in case of password failures and a system to discourage parallel brute forcing, aiming to allow valid users to log in even during an attack.

**Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.
PT-2017-9966
5.3
2017-03-28
Revive Adserver · Revive Adserver · CVE-2016-9129
**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.3

**Description** The issue allows an attacker to determine whether an email address is associated with one or more user accounts by analyzing the message from the password recovery system. However, this information cannot be used directly to log in to the system, as a username is required.

**Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.