PT-2023-20767 · Froxlor · Froxlor

Publicado

2023-05-12

Atualizado

2023-05-19

CVE-2023-2666

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.0.16

Description The issue concerns the allocation of resources without limits or throttling, specifically on the password reset page, which lacks a rate limit. This could potentially lead to abuse or exploitation.

Recommendations For versions prior to 2.0.16, update to version 2.0.16 or later to resolve the issue. As a temporary workaround, consider implementing a rate limit on the password reset page to minimize the risk of exploitation. Restrict access to the password reset functionality to prevent abuse until the update can be applied.

Exploit

Correção

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

CVE-2023-2666

GHSA-4GM9-C9JQ-G523

Produtos afetados

Froxlor

PT-2023-20767 · Froxlor · Froxlor

CVE-2023-2666

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7