PT-2023-26052 · Unknown · Uvdesk Community Skeleton
Published: 2023-10-23 · Updated: 2023-10-30 · CVE-2023-37635
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UVDesk Community Skeleton version 1.1.1
Description
The issue allows unauthenticated attackers to perform brute-force attacks against the login page and potentially gain unauthorized access to the application.
Recommendations
For UVDesk Community Skeleton version 1.1.1, consider implementing rate limiting or IP blocking on the login page to prevent brute force attacks until a patch is available. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
Uvdesk Community Skeleton