Weak Password Requirements in modoboa/modoboa
CVE-2023-2160

6.3MEDIUM

Key Information:

Vendor: Modoboa
Status: Modoboa/modoboa
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-2160?

The vulnerability in Modoboa relates to inadequate password complexity requirements, potentially allowing attackers to exploit user credentials. Versions prior to 2.1.0 are affected, prompting users to ensure stronger password policies and consider upgrading to mitigate security risks.

Affected Version(s)

modoboa/modoboa < 2.1.0

References

https://huntr.dev/bounties/54fb6d6a-6b39-45b6-b62a-930260...

https://github.com/modoboa/modoboa/commit/130257c96a2392a...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Apr 18, 2023

Credit

Ahmed Hassan (ahmedvienna)

Josef Hassan (josefjku)

CVE-2023-2160 Data

JSON