PT-2021-11589 · Fluxbb · Fluxbb

Published: 2021-03-17 · Updated: 2021-03-22 · CVE-2020-28873
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Fluxbb version 1.5.11
Description: The issue is a denial of service (DoS) vulnerability that can be triggered by sending an extremely long password via the user login form. This causes CPU and memory exhaustion on the server due to the password hashing process.
Recommendations: For Fluxbb version 1.5.11, consider temporarily restricting the length of passwords that can be submitted through the user login form to prevent CPU and memory exhaustion until a patch is available.
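
One way to apply the recommended length restriction, shown as an added example that is not Fluxbb code or an official patch: a guard that rejects an over-long or malformed password field before any hashing takes place. The function name, the `password` field name and the 256-byte limit are assumptions made for illustration.

```php
<?php
// Added example: hypothetical pre-hash guard, not taken from Fluxbb.
// Assumed limit; pick a value that fits the site's password policy.
const MAX_LOGIN_PASSWORD_BYTES = 256;

/**
 * Return the submitted password if it may be passed to the hashing
 * routine, or null if the request must be rejected without hashing.
 * The field name 'password' is a placeholder for the real form field.
 */
function bounded_login_password(array $post, string $field = 'password'): ?string
{
    // A field sent as password[]=... arrives as an array; treat it as invalid.
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return null;
    }

    $password = $post[$field];

    // strlen() counts bytes, which is what the hash function has to process,
    // so multi-byte characters cannot be used to slip past the limit.
    if ($password === '' || strlen($password) > MAX_LOGIN_PASSWORD_BYTES) {
        return null;
    }

    return $password;
}

// Constructed sample requests covering the accepted case and each rejection path.
$samples = [
    'normal'    => ['password' => 'correct horse battery staple'],
    'oversized' => ['password' => str_repeat('A', MAX_LOGIN_PASSWORD_BYTES + 1)],
    'array'     => ['password' => ['x']],
    'missing'   => [],
];

foreach ($samples as $label => $post) {
    $ok = bounded_login_password($post) !== null;
    // Only requests that pass the guard should ever reach the hashing code.
    printf("%-9s %s\n", $label, $ok ? 'hash and compare' : 'reject before hashing');
}
```

The check has to run before the password reaches the hashing code. A `maxlength` attribute on the form alone does not help, because the request can be sent without the browser.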

Related Identifiers: CVE-2020-28873
Affected Products: Fluxbb