PT-2005-3343 · Gforge · Gforge

Jose Antonio Coret

Published

2005-08-03

Updated

2016-10-18

CVE-2005-2431

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions GForge version 4.5

Description The issue affects the lost password and account pending features, allowing remote attackers to send a large number of messages to arbitrary e-mail addresses, essentially creating a mail bomb.

Recommendations For GForge version 4.5, consider implementing a limit on the number of e-mails sent to an e-mail address to prevent abuse. As a temporary workaround, restrict access to the lost password and account pending features until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2431

Affected Products

Gforge

PT-2005-3343 · Gforge · Gforge

CVE-2005-2431

Related Identifiers

Affected Products

References · 2