Lucene search
GitHub Advisory DatabaseGHSA-MP5P-G2JV-R8QWHistorySep 14, 2022 - 12:00 a.m.
rdiffweb 2.4.1 contains Weak Password Requirements
2022-09-1400:00:43
CWE-521
GitHub Advisory Database
github.com
11
rdiffweb
version 2.4.1
weak password
brute force
version 2.4.2
password length
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
41.1%
rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.
Affected configurations
Node
rdiffwebrdiffwebMatch2.4.1
Related
prion
prion
Default credentials
2022-09-13 17:15:00
cve
cve
CVE-2022-3179
2022-09-13 17:15:08
cvelist
cvelist
CVE-2022-3179 Weak Password Requirements in ikus060/rdiffweb
2022-09-13 16:35:09
veracode
veracode
Weak Password Requirements
2022-09-14 05:52:54
nvd
nvd
CVE-2022-3179
2022-09-13 17:15:08
osv
osv
rdiffweb 2.4.1 contains Weak Password Requirements
2022-09-14 00:00:43
PYSEC-2022-272
2022-09-13 17:15:00
CVE-2022-3179
2022-09-13 17:15:08
huntr
huntr
Password can be set extremely weak
2022-09-09 08:02:42
fedora
fedora
[SECURITY] Fedora 36 Update: python-bottle-0.12.21-2.fc36
2022-06-22 00:48:23
nessus
nessus
Amazon Linux 2023 : python3-bottle (ALAS2023-2023-082)
2023-03-21 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-205)
2022-11-04 00:00:00
openvas
openvas
Fedora: Security Advisory for python-bottle (FEDORA-2022-cc9a173168)
2022-06-22 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
41.1%
Related for GHSA-MP5P-G2JV-R8QW