PT-2024-7649 · Unknown · Location Intelligence

Published: 2024-08-13 · Updated: 2024-08-14 · CVE-2024-41682

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Location Intelligence family versions prior to V4.4

Description

A vulnerability has been identified in the Location Intelligence family: affected products do not properly enforce restrictions on excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords.

Recommendations

For versions prior to V4.4, update to V4.4 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication attempt restrictions or rate limiting to minimize the risk of exploitation. Restrict access to authentication endpoints to reduce the likelihood of brute force attacks.

Fix

Improper Restriction of Excessive Authentication Attempts


Weakness Enumeration

Related Identifiers

BDU:2024-09090
CVE-2024-41682

Affected Products

Location Intelligence