PT-2023-23972 · Unknown · Metersphere

Fit2-Zhao · Published 2023-05-30 · Updated 2023-06-06 · CVE-2023-32699

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MeterSphere versions 2.9.1 and prior

Description: MeterSphere is an open source continuous testing platform. The issue arises when a user submits a very long password during login: the system hashes the entire submitted password with MD5 via the checkUserPassword method and the CodingUtil.md5 method, with no limit on the input length. This exhausts the server's CPU and memory, resulting in a denial of service against the server.

Recommendations: For versions 2.9.1 and prior, update to version 2.10.0-lts, which includes a fix that enforces a maximum password length to prevent this issue. As a temporary workaround, restrict the password length to prevent excessive MD5 hashing work.
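The following is an added example, not MeterSphere's own code: it contrasts the unbounded pattern the advisory describes (hash whatever the client submits) with a login check that enforces a maximum password length before any hashing takes place. The method names checkUserPassword and md5 come from the advisory, but their bodies here are assumed, and the limit of 64 characters is an assumption because the page does not state the value that 2.10.0-lts uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (not MeterSphere's code): bounding password length before hashing.
public final class BoundedPasswordCheck {

    // Assumed limit; the advisory says the fix adds a maximum length but gives no value.
    static final int MAX_PASSWORD_LENGTH = 64;

    // Unbounded pattern from the advisory: work grows linearly with whatever the client sends.
    static String md5Unbounded(String password) {
        return md5Hex(password);
    }

    // Hardened pattern: reject over-length input before any digest work is done,
    // so the cost of a rejected request does not depend on the submitted length.
    static boolean checkUserPassword(String submitted, String storedMd5Hex) {
        if (submitted == null || submitted.length() > MAX_PASSWORD_LENGTH) {
            return false;
        }
        // Constant-time comparison of the hex digests.
        return MessageDigest.isEqual(
                md5Hex(submitted).getBytes(StandardCharsets.US_ASCII),
                storedMd5Hex.getBytes(StandardCharsets.US_ASCII));
    }

    // Stand-in for CodingUtil.md5 (assumed): hex-encoded MD5 of the UTF-8 bytes.
    static String md5Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    public static void main(String[] args) {
        String stored = md5Hex("correct horse");   // constructed sample credential
        String oversized = "a".repeat(1_000_000);  // constructed over-length input

        long t0 = System.nanoTime();
        md5Unbounded(oversized);                   // full digest over 1 MB of input
        long unboundedMs = (System.nanoTime() - t0) / 1_000_000;

        t0 = System.nanoTime();
        boolean acceptedOversized = checkUserPassword(oversized, stored); // rejected early
        long boundedMs = (System.nanoTime() - t0) / 1_000_000;

        System.out.printf("unbounded hash: %d ms; bounded check: %d ms; oversized accepted: %b%n",
                unboundedMs, boundedMs, acceptedOversized);
        System.out.println("valid login accepted: " + checkUserPassword("correct horse", stored));
    }
}
```

Enforcing the limit inside one method only covers the call sites that reach it; the same bound belongs at the request validation layer so that every endpoint that accepts a password is protected, not just the login path the advisory names.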

Exploit

Fix

Weakness Enumeration

Allocation of Resources Without Limits

Related identifiers

CVE-2023-32699
GHSA-QFFQ-8GF8-MHQ7

Affected products

Metersphere