PT-2020-19906 · Dolibarr · Dolibarr
Published 2020-01-26 · Updated 2025-04-03 · CVE-2020-7995
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Dolibarr version 10.0.6
Description
The issue concerns the htdocs/index.php?mainmenu=home login page, which allows an unlimited rate of failed authentication attempts. This could potentially lead to brute-force attacks.
Recommendations
For Dolibarr version 10.0.6, consider implementing rate limiting on the login page to restrict the number of failed authentication attempts. As a temporary workaround, restrict access to the htdocs/index.php?mainmenu=home login page until a patch is available.
Exploit
Fix
Improper Authentication
Improper Restriction of Excessive Authentication Attempts
Affected Products
Dolibarr