CVE-2022-40306

Name of the Vulnerable Software and Affected Versions ECi Printanista Hub (formerly FMAudit Printscout) versions prior to 5.5.2

Description The login form "/Login" performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. This issue is related to the API endpoint "/Login" and can be exploited by repeatedly requesting this endpoint.

Recommendations For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/Login" endpoint to minimize the risk of exploitation.