PT-2022-20934 · Rdiffweb · Rdiffweb

Published: 2022-09-13 · Updated: 2022-09-15 · CVE-2022-3179

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2

Description: The issue is related to weak password requirements. Specifically, versions prior to 2.4.2 have no password policy or password checking, making users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.

Recommendations: For versions prior to 2.4.2, update to version 2.4.2 to enforce minimum and maximum password lengths and mitigate the risk of brute force password guessing attacks.

Related Identifiers

CVE-2022-3179
GHSA-MP5P-G2JV-R8QW
PYSEC-2022-272

Affected Products

Rdiffweb