EPSS percentile: 41.1%
rdiffweb uses weak password requirements. The vulnerability exists because there is no password policy and no checks are applied to passwords, which allows an attacker to gain access to all user accounts that have weak passwords through a brute-force attack.
github.com/advisories/GHSA-mp5p-g2jv-r8qw
github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5
huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe
huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe/