Checkmk Vulnerability: Improper Restriction of Authentication Attempts
CVE-2024-28825
9.8CRITICAL
Summary
The vulnerability in Checkmk arises from improper restrictions placed on excessive authentication attempts across several authentication methods. This flaw, present in versions prior to 2.3.0b5, 2.2.0p26, and 2.1.0p43, as well as the end-of-life version 2.0.0, enables malicious actors to exploit the system through password brute-forcing attacks. Organizations using these versions of Checkmk are advised to implement additional security measures and upgrade to safeguarded versions to mitigate the risk of potential unauthorized access.
Affected Version(s)
Checkmk 2.3.0 < 2.3.0b5
Checkmk 2.2.0 < 2.2.0p26
Checkmk 2.1.0 < 2.1.0p43
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved