Veracode Vulnerability DatabaseVERACODE:45530Improper Restriction Of Excessive Authentication Attempts
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%
github.com/greenpau/caddy-security is vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). The vulnerability is due to improper 2FA timeout functionality, allowing an attackers to bypass this blocking mechanism by automating the applicationβs full multistep 2FA process.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/greenpau/caddy-security | le | v1.1.23 | |
| github.com/greenpau/caddy-security | le | v1.1.23 |
Related
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.8%