CVE-2018-12649

Name of the Vulnerable Software and Affected Versions MISP version 2.4.92

Description A security issue allows an adversary to bypass brute-force protection in the login functionality by utilizing a PUT HTTP method instead of a POST HTTP method. This is because the protection mechanism only covers POST requests.

Recommendations For MISP version 2.4.92, consider modifying the brute-force protection to cover both POST and PUT HTTP methods to prevent bypass attempts. As a temporary workaround, consider restricting or disabling the use of PUT requests in the login part until a patch is available.