PT-2022-21437 · Rdiffweb · Rdiffweb

Published: 2022-10-06 · Updated: 2022-10-10 · CVE-2022-3273

CVSS v3.1: 3.6 (Low)
Vector: AV:P/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a4

Description: rdiffweb allocates resources without limits or throttling: the login flow applies no rate limit, so an attacker can submit an unlimited number of incorrect password attempts against an account and brute-force its password. It is estimated that this could affect a significant number of devices worldwide, although the exact number is not specified.

Recommendations: For versions prior to 2.5.0a4, update to version 2.5.0a4 or later, which limits the number of incorrect password attempts and so mitigates brute-force attacks.
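The mitigation the recommendation describes, a cap on incorrect password attempts, is illustrated below with an added example. It is not rdiffweb's own code and does not reproduce the 2.5.0a4 fix; the class and constant names (FailedLoginLimiter, MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS), the login helper and the sample user store are all assumptions constructed for this illustration.

```python
"""Added example: lock an account after repeated failed logins.

Illustrates the mitigation described in the advisory (limiting incorrect
password attempts). Not rdiffweb's code; every name below is an assumption.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field

MAX_FAILURES = 5          # failures allowed inside the window before lockout
WINDOW_SECONDS = 300      # failures older than this are forgotten
LOCKOUT_SECONDS = 900     # how long an account stays locked


@dataclass
class _Record:
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class FailedLoginLimiter:
    """Tracks failed password attempts per account and locks the account
    once MAX_FAILURES occur within WINDOW_SECONDS."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable clock for deterministic tests
        self._records: dict[str, _Record] = {}

    def _prune(self, rec, now):
        rec.failures = [t for t in rec.failures if now - t < WINDOW_SECONDS]

    def is_locked(self, username: str) -> bool:
        rec = self._records.get(username)
        return rec is not None and self._clock() < rec.locked_until

    def seconds_until_unlock(self, username: str) -> float:
        rec = self._records.get(username)
        if rec is None:
            return 0.0
        return max(0.0, rec.locked_until - self._clock())

    def record_failure(self, username: str) -> None:
        now = self._clock()
        rec = self._records.setdefault(username, _Record())
        self._prune(rec, now)
        rec.failures.append(now)
        if len(rec.failures) >= MAX_FAILURES:
            rec.locked_until = now + LOCKOUT_SECONDS
            rec.failures.clear()

    def record_success(self, username: str) -> None:
        self._records.pop(username, None)   # a good login resets the counter


def check_password(stored_hash: bytes, salt: bytes, password: str) -> bool:
    """Constant-time check of a PBKDF2-SHA256 hash (constructed helper)."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored_hash)


def login(limiter, users, username, password) -> str:
    """Returns 'ok', 'bad_credentials' or 'locked'. Unknown users go through
    the same hashing path so timing does not reveal which accounts exist."""
    if limiter.is_locked(username):
        return "locked"
    salt, stored = users.get(username, (b"\x00" * 16, b"\x00" * 32))
    if check_password(stored, salt, password):
        limiter.record_success(username)
        return "ok"
    limiter.record_failure(username)
    return "locked" if limiter.is_locked(username) else "bad_credentials"


# Constructed sample user store: {username: (salt, pbkdf2 hash)}
_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)),
}


if __name__ == "__main__":
    lim = FailedLoginLimiter()
    for pw in ["a", "b", "c", "d", "e", "correct horse"]:
        print(pw, "->", login(lim, USERS, "alice", pw))
```

The limiter keys on the account name rather than the client address, so a guess spread across many source addresses still counts against the same account; a deployment would normally combine this with a per-source limit and log each lockout so repeated lockouts show up in monitoring.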

Weakness Enumeration

Allocation of Resources Without Limits
Inadequate Encryption Strength

Related Identifiers

CVE-2022-3273
GHSA-9G3V-V24Q-JJ5P
PYSEC-2022-43156

Affected Products

Rdiffweb