CVE-2023-49810Improper Restriction of Excessive Authentication Attempts in Avideo

CWE-307Improper Restriction of Excessive Authentication Attempts5 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 68.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wwbn Avideo
Timeline
PublishedJan 10
Latest updateJan 17

Description

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

Packagistwwbn/avideo12.4
CVEListV5wwbn/avideodev master commit 15fed957fb
NVDwwbn/avideo15fed957fb

🔴Vulnerability Details

2
OSV
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability2024-01-10
GHSA
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability2024-01-10

🕵️Threat Intelligence

2
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 20242024-01-17
Talos
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 20242024-01-17