PT-2023-18286 · Modoboa · Modoboa
Ahmed Hassan
+1
·
Publicado
2023-04-18
·
Atualizado
2023-12-18
·
CVE-2023-2160
CVSS v3.1
6.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
modoboa/modoboa versions prior to 2.1.0
Description
The issue is related to weak password requirements in the modoboa/modoboa GitHub repository. Users can set unsafe passwords, such as
1 or HACK. This issue is fixed in version 2.1.0.Recommendations
For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider enforcing strong password policies to minimize the risk of exploitation. Restrict access to password settings to prevent users from setting weak passwords until the issue is resolved.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Modoboa