PT-2022-4232 · Octoprint · Octoprint

Published: 2022-08-15 · Updated: 2022-08-16 · CVE-2022-2822

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OctoPrint versions 1.7.3 and prior

Description: The issue is caused by insufficient restriction of authentication attempts, which allows a remote attacker to bypass security restrictions by brute force. Because failed logins are not limited, an attacker can guess usernames and passwords without restriction and take over any account, including user and administrative accounts. The severity of this issue is limited by OctoPrint normally running in a restricted LAN.

Recommendations: For OctoPrint versions 1.7.3 and prior, consider updating to a version that includes rate limiting on the login page, such as versions from the devel and maintenance branches of the repository, which limit the rate of failed login attempts. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.
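The fix the recommendation describes is a limit on failed login attempts. The following is an added illustration, not OctoPrint's own code: a small sliding-window throttle keyed by (username, source address) that refuses further attempts once a threshold is reached, consulted before the password is ever checked. The thresholds, names and the clock injection are assumptions made for the example.

```python
import time
from collections import defaultdict, deque

# Assumed limits for illustration; real deployments tune these.
MAX_FAILURES = 5       # failed attempts tolerated per key within the window
WINDOW_SECONDS = 60.0  # sliding window over which failures are counted


class LoginThrottle:
    """Sliding-window count of failed logins keyed by (username, source).
    Keying on both limits guessing against one account from one source
    while making it harder for one bad source to lock a real user out."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self._max = max_failures
        self._window = window
        self._clock = clock  # injectable so tests can drive time
        self._failures = defaultdict(deque)  # key -> failure timestamps

    def _recent(self, key):
        now = self._clock()
        q = self._failures[key]
        while q and now - q[0] > self._window:
            q.popleft()  # drop failures that fell out of the window
        return q

    def is_blocked(self, username, source):
        return len(self._recent((username, source))) >= self._max

    def record_failure(self, username, source):
        self._failures[(username, source)].append(self._clock())

    def record_success(self, username, source):
        self._failures.pop((username, source), None)


def attempt_login(throttle, check_credentials, username, password, source):
    """Return 'blocked', 'ok' or 'denied'. The throttle is consulted before
    the credential check, so once the limit is hit the password is never
    evaluated and the response reveals nothing about it."""
    if throttle.is_blocked(username, source):
        return "blocked"
    if check_credentials(username, password):
        throttle.record_success(username, source)
        return "ok"
    throttle.record_failure(username, source)
    return "denied"
```

Keying only on the source address is weaker against guessing spread over many addresses, and keying only on the username lets a single source lock a legitimate user out; the combined key is a common compromise, often paired with a slower per-account limit.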


Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2022-05080
CVE-2022-2822
GHSA-5W5X-Q9P5-9QG3

Affected Products

Octoprint