PT-2020-20040 · Unknown+1 · Preferred Providers App+1

Faeeq24

·

Published

2020-10-05

·

Updated

2020-10-20

·

CVE-2020-8228

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Preferred Providers app version 1.7.0
Description A missing rate limit in the Preferred Providers app allowed an attacker to set the password an uncontrolled amount of times.
Recommendations For version 1.7.0, consider implementing a rate limit on password setting to prevent exploitation until a patch is available.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-840

Related Identifiers

CVE-2020-8228
OPENSUSE-SU-2020:1652-1
OPENSUSE-SU-2020_1652-1

Affected Products

Preferred Providers App
Suse