PT-2024-13804 · Wwbn · Avideo
Claudio Bozzato
·
Published
2024-01-10
·
Updated
2024-01-17
·
CVE-2023-49810
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
WWBN AVideo dev master commit 15fed957fb
Description
A login attempt restriction bypass issue exists in the
checkLoginAttempts functionality. This can be triggered by a specially crafted HTTP request, leading to captcha bypass. An attacker can exploit this to brute force user credentials by sending a series of HTTP requests.Recommendations
For WWBN AVideo dev master commit 15fed957fb, as a temporary workaround, consider disabling the
checkLoginAttempts functionality until a patch is available. Restrict access to the login functionality to minimize the risk of exploitation. Avoid using the login feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avideo