PT-2020-14617 · Gradle · Gradle Enterprise
Published 2020-09-18 · Updated 2022-09-30 · CVE-2020-15770
| Metric | Value |
| --- | --- |
| CVSS v3.1 | 5.5 Medium |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Gradle Enterprise version 2018.5
Description
An issue was discovered that allows an attacker to make repeated attempts to guess a local user's password due to the lack of lock-out after excessive failed logins.
Recommendations
For Gradle Enterprise version 2018.5, consider implementing a custom lock-out mechanism after a specified number of failed login attempts to mitigate the risk of password guessing attacks.
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
Gradle Enterprise