PT-2023-20767 · Froxlor · Froxlor
Published 2023-05-12 · Updated 2023-05-19 · CVE-2023-2666
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Froxlor versions prior to 2.0.16
Description
The issue is an allocation of resources without limits or throttling: the password reset page enforces no rate limit, so repeated reset requests are accepted without restriction. This can be abused or otherwise exploited.
Recommendations
For versions prior to 2.0.16, update to version 2.0.16 or later to resolve the issue. As a temporary workaround, implement a rate limit on the password reset page to reduce the risk of exploitation, and restrict access to the password reset functionality until the update can be applied.
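The workaround above, as an added illustration of throttling a password reset endpoint. This is not Froxlor's code; the class name, the limits, the in-memory store and the sample requests are all assumptions chosen for the demonstration.

```php
<?php
// Illustrative example, not part of Froxlor: throttle password-reset requests
// both per client IP and per target account over a sliding window.
final class ResetRateLimiter
{
    /** @var array<string, int[]> request timestamps per key.
     * Constructed in-memory store for the demo; a real deployment needs a
     * shared store (database, cache) so every web worker sees the same counts. */
    private array $hits = [];

    public function __construct(
        private int $windowSeconds = 900, // 15-minute sliding window (assumed value)
        private int $maxPerIp = 5,        // assumed limit per source address
        private int $maxPerAccount = 3,   // assumed limit per targeted account
    ) {}

    /** Returns true if the request may proceed, false if it must be throttled.
     * The caller should return the same generic "if the account exists, mail was
     * sent" page in both cases, so throttling does not reveal valid accounts. */
    public function allow(string $ip, string $account, int $now): bool
    {
        $ipKey   = 'ip:' . $ip;
        $acctKey = 'acct:' . strtolower(trim($account)); // normalise account key
        $this->prune($ipKey, $now);
        $this->prune($acctKey, $now);
        if (count($this->hits[$ipKey]) >= $this->maxPerIp
            || count($this->hits[$acctKey]) >= $this->maxPerAccount) {
            return false;
        }
        $this->hits[$ipKey][]   = $now;
        $this->hits[$acctKey][] = $now;
        return true;
    }

    /** Drop timestamps that fell out of the sliding window. */
    private function prune(string $key, int $now): void
    {
        $cutoff = $now - $this->windowSeconds;
        $this->hits[$key] = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn(int $t): bool => $t > $cutoff
        ));
    }
}

// Demo with constructed requests: the fourth reset for the same account
// inside the window is refused even though the IP limit is not yet reached.
$limiter = new ResetRateLimiter();
$t = 1_700_000_000; // constructed base timestamp
foreach ([0, 10, 20, 30] as $offset) {
    $ok = $limiter->allow('203.0.113.10', 'admin@example.invalid', $t + $offset);
    echo ($ok ? 'allowed' : 'throttled') . " at +{$offset}s\n";
}
```

Counting per account as well as per IP matters because requests against one account can arrive from many addresses; the account limit still holds in that case.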
Weakness Enumeration
Allocation of Resources Without Limits
Affected Products
Froxlor