Rdiffweb · Rdiffweb · CVE-2022-4723
**Name of the Vulnerable Software and Affected Versions**
rdiffweb versions prior to 2.5.5
**Description**
The issue is related to the allocation of resources without limits or throttling in the rdiffweb GitHub repository. Specifically, there is no rate limit on the "resend email feature" when enabling or disabling 2FA from the "/prefs/mfa" endpoint.
**Recommendations**
For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/prefs/mfa" endpoint to minimize the risk of exploitation.