Описание
Raneto v0.17.0 employs weak password complexity requirements
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-35143
- https://github.com/ryanlelek/Raneto/pull/370
- https://github.com/ryanlelek/Raneto/commit/55e442c9bc67b845094e14ceb228e95c639595be
- https://cwe.mitre.org/data/definitions/521.html
- https://gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144
- https://github.com/gilbitron/Raneto/releases
- https://github.com/ryanlelek/Raneto/releases/tag/0.17.1
- http://raneto.com
Пакеты
Наименование
raneto
npm
Затронутые версииВерсия исправления
<= 0.17.0
0.17.1
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.