Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.7
CVSSv3

CVE-2023-47111

Published: 08/11/2023 Updated: 16/11/2023
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Zitadel

Vulnerability Summary

ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an malicious user to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.

Vulnerable Product Search on Vulmon Subscribe to Product

zitadel zitadel

References

CWE-362https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4mhttps://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077https://github.com/zitadel/zitadel/releases/tag/v2.38.3https://github.com/zitadel/zitadel/releases/tag/v2.40.5https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook