PT-2021-17487 · Unknown · Eyesofnetwork

Arianeblow

Published

2021-02-21

Updated

2021-02-26

CVE-2021-27514

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EyesOfNetwork versions 5.3 through 5.3-10

Description The issue concerns the use of an integer session ID with a length of between 8 and 10 digits, which could potentially be exploited for brute-force authentication bypass.

Recommendations For EyesOfNetwork versions 5.3 through 5.3-10, consider implementing additional authentication measures to mitigate the risk of brute-force attacks, such as account lockout policies or two-factor authentication.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2021-27514

Affected Products

Eyesofnetwork

PT-2021-17487 · Unknown · Eyesofnetwork

CVE-2021-27514

Weakness Enumeration

Related Identifiers

Affected Products

References · 7