Privacyidea · Privacyidea · CVE-2018-1000809
**Name of the Vulnerable Software and Affected Versions**
privacyIDEA versions prior to 2.23.2
**Description**
The token validation API does not properly validate its input, which can lead to a denial of service. The issue can be exploited via an HTTP request to the "/validate/check" API endpoint with specific parameters, such as `user=` and `pass=`.
**Recommendations**
For versions prior to 2.23.2, update to version 2.23.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/validate/check" API endpoint until the update is applied. Avoid using the `user` and `pass` parameters with the affected API endpoint until the issue is resolved.