CVE-2024-7292

Name of the Vulnerable Software and Affected Versions In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.806)

Description A credential stuffing attack is possible through improper restriction of excessive login attempts. This issue allows attackers to attempt multiple logins without being properly restricted, potentially leading to unauthorized access.

Recommendations For In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.806), update to version 2024 Q3 (10.2.24.806) or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to restrict excessive login attempts, such as rate limiting or IP blocking, until a patch is applied.