Improper Restriction of Excessive Authentication Attempts in modoboa/modoboa-installer
CVE-2023-0860
7.5HIGH
Key Information:
- Vendor
Modoboa
- Vendor
- CVE Published:
- 16 February 2023
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2023-0860?
The Modoboa Installer before version 2.0.4 is susceptible to improper restriction of excessive authentication attempts, allowing potential attackers to exploit the system by overwhelming it with login requests. This vulnerability can lead to unauthorized access and compromise the integrity of user accounts, stressing the need for proper authentication controls to defend against credential stuffing and brute-force attacks.
Affected Version(s)
modoboa/modoboa-installer < 2.0.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved