Brute-Forcing of Second Factor Mechanisms via Improper Restriction of Authentication Attempts
CVE-2024-28833

7.5HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 10 June 2024

Summary

The vulnerability in Checkmk pertains to improper restriction of excessive authentication attempts whereby attackers can exploit weaknesses in the two-factor authentication process. Versions of Checkmk prior to 2.3.0p6 are susceptible to brute-force attacks against the second factor, allowing unauthorized access intentions to circumvent normal security controls. This flaw underscores the necessity for robust authentication protocols and stricter limits on login attempts to thwart potential exploitation.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p6

References

https://checkmk.com/werk/16830

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
Mar 11, 2024

Credit

PS Positive Security GmbH