CVE-2023-40834

Name of the Vulnerable Software and Affected Versions OpenCart CMS version 4.0.2.2

Description The issue is related to a lack of protection against excessive login attempts on the login page, allowing unauthenticated attackers to perform a brute force attack to gain access to the application. This attack targets the password parameter. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For OpenCart CMS version 4.0.2.2, consider implementing a protective mechanism against excessive login attempts, such as rate limiting or account lockout policies, to prevent brute force attacks. As a temporary workaround, consider restricting access to the login page or implementing additional authentication factors until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.