PT-2021-14426 · Ratcf · Ratcf

0Xadap · Published 2021-03-08 · Updated 2021-03-12 · CVE-2021-21329

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RATCF versions prior to the version that includes commit cebb67b.

Description: RATCF is an open-source framework for hosting cyber-security Capture the Flag (CTF) events. In affected versions of RATCF, users with multi-factor authentication enabled are able to log in without a valid token.

Recommendations: For versions prior to the one that includes commit cebb67b, update to a version that includes fix commit cebb67b to resolve the issue. As a temporary workaround, consider disabling multi-factor authentication until the patch is applied. Restrict access to the login functionality to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authentication


Related Identifiers: CVE-2021-21329, GHSA-FW57-F7MQ-9Q85

Affected Products: Ratcf