CVE-2020-1722

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ipa versions 4.x.x through 4.8.0

Description A flaw was found in the password hashing process. When a very long password (>= 1,000,000 characters) is sent to the server, it could exhaust memory and CPU, leading to a denial of service and the website becoming unresponsive. The highest threat from this issue is to system availability.

Recommendations For ipa versions 4.x.x through 4.8.0, consider restricting the length of passwords that can be sent to the server to prevent exhaustion of memory and CPU. As a temporary workaround, implement measures to limit the impact of a denial of service, such as monitoring system resources and configuring the server to handle high loads. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2020:4670

ALT-PU-2020-1782

ALT-PU-2020-2174

CESA-2020_3936

CESA-2020_4670

CVE-2020-1722

RHSA-2020:3936

RHSA-2020:4670

RHSA-2020_3936

RHSA-2020_4670

RLSA-2020:4670

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Ipa

CVE-2020-1722

Weakness Enumeration

Related Identifiers

Affected Products

References · 90