PT-2018-10294 · Cloud Foundry · Cloud Foundry Uaa
Publicado
2018-10-05
·
Atualizado
2019-10-09
·
CVE-2018-11082
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry UAA versions prior to 4.20.0
Cloud Foundry UAA Release versions prior to 61.0
Description
The issue allows a remote unauthenticated malicious user with a valid username and password to brute force Multi-Factor Authentication (MFA) codes, enabling them to login as the targeted user.
Recommendations
For Cloud Foundry UAA versions prior to 4.20.0, update to version 4.20.0 or later.
For Cloud Foundry UAA Release versions prior to 61.0, update to version 61.0 or later.
Correção
Improper Restriction of Excessive Authentication Attempts
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cloud Foundry Uaa