PT-2024-9597 · Dell · Dell Recoverpoint For Virtual Machines

Published: 2024-12-13 · Updated: 2024-12-14 · CVE-2024-38488

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected software and versions: Dell RecoverPoint for Virtual Machines version 6.0.x

Description: The issue stems from insufficient restriction of authentication attempts, which allows a remote attacker to run a brute force attack against the RecoverPoint login form. Because the login form does not limit repeated attempts, an attacker on the network can guess the passwords of valid users in an automated, dictionary-style manner, and a successful guess could lead to complete compromise of the system.

Recommendations: For version 6.0.x, restrict access to the login form to minimize the risk of exploitation. As a temporary workaround, add authentication controls such as rate limiting or IP blocking to stop automated brute force attempts. Update to a newer version that addresses the improper restriction of excessive authentication attempts as soon as one is available.
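As an added example of the rate-limiting and lockout workaround the advisory recommends, the following Python sketch shows a login throttle that counts failed attempts per account and per source address, locks out after a threshold, and lengthens the lockout for repeat offenders. This is illustrative code written for this page, not Dell's code, and it says nothing about how RecoverPoint's own login form works; the thresholds, usernames, addresses and the `FakeClock`, `LoginThrottle`, `LoginService` and `demo` names are all constructed for the illustration.

```python
# Added example (not Dell code): a login throttle of the kind recommended
# as a mitigation for unrestricted authentication attempts (CWE-307 style).
# Thresholds and sample data below are constructed for the illustration.
import hashlib
import hmac
import os
import time
from collections import defaultdict
from dataclasses import dataclass, field

MAX_FAILURES = 5        # failures allowed inside WINDOW before a lockout
WINDOW = 300.0          # seconds over which failures are counted
BASE_LOCKOUT = 60.0     # first lockout length; doubled for each further lockout
MAX_LOCKOUT = 3600.0    # cap on the exponential backoff


@dataclass
class AttemptState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    lockouts: int = 0                              # lockouts imposed so far
    locked_until: float = 0.0


class LoginThrottle:
    """Tracks failures per account and per source; either may block a login."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.by_account = defaultdict(AttemptState)
        self.by_source = defaultdict(AttemptState)

    def _prune(self, state, now):
        state.failures = [t for t in state.failures if now - t < WINDOW]

    def is_blocked(self, username, source_ip):
        now = self.clock()
        return any(s.locked_until > now
                   for s in (self.by_account[username], self.by_source[source_ip]))

    def record_failure(self, username, source_ip):
        now = self.clock()
        for state in (self.by_account[username], self.by_source[source_ip]):
            self._prune(state, now)
            state.failures.append(now)
            if len(state.failures) >= MAX_FAILURES:
                state.lockouts += 1
                backoff = BASE_LOCKOUT * 2 ** (state.lockouts - 1)
                state.locked_until = now + min(backoff, MAX_LOCKOUT)
                state.failures.clear()

    def record_success(self, username, source_ip):
        self.by_account[username].failures.clear()
        # Source counters are deliberately not reset: one valid login must not
        # unlock an address that is spraying guesses across many accounts.


def make_user(password):
    """Constructed sample credential store entry: (salt, PBKDF2-SHA256 hash)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self, users, throttle):
        self.users = users        # username -> (salt, hash)
        self.throttle = throttle

    def login(self, username, password, source_ip):
        if self.throttle.is_blocked(username, source_ip):
            return "locked"        # refused before any password check
        rec = self.users.get(username)
        # Hash even for unknown users so timing does not reveal valid usernames.
        salt, expected = rec if rec else (b"\x00" * 16, b"\x00" * 32)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if rec is not None and hmac.compare_digest(digest, expected):
            self.throttle.record_success(username, source_ip)
            return "ok"
        self.throttle.record_failure(username, source_ip)
        return "denied"


class FakeClock:
    """Deterministic clock so the lockout timing can be demonstrated offline."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Constructed scenario: guessing against one account from one address."""
    clock = FakeClock()
    svc = LoginService({"admin": make_user("correct horse")}, LoginThrottle(clock))
    results = []
    for guess in ["pass1", "pass2", "pass3", "pass4", "pass5", "pass6"]:
        results.append(svc.login("admin", guess, "198.51.100.7"))
        clock.advance(1.0)
    # The right password is also refused while the lockout is in force...
    results.append(svc.login("admin", "correct horse", "198.51.100.7"))
    clock.advance(BASE_LOCKOUT)
    # ...and accepted once it has expired.
    results.append(svc.login("admin", "correct horse", "198.51.100.7"))
    return results


if __name__ == "__main__":
    print(demo())
```

The fifth failure locks both the account and the source address, so the sixth guess and the subsequent correct password are refused with "locked" rather than evaluated; once the lockout expires the valid credential is accepted. Counting per source as well as per account is what stops an address from rotating through many usernames while staying under each account's threshold.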

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2024-11306
CVE-2024-38488

Affected Products

Dell Recoverpoint For Virtual Machines