GHSA-8wxf-c45w-g66g

Опубликовано: 30 сент. 2022

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 5.4

Описание

rdiffweb vulnerable to password complexity bypass leading to weak passwords

ikus060/rdiffweb prior to 2.4.9 allows a user to set there password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords. This issue has been fixed in version 2.4.9. No workarounds are known to exist.

Ссылки

Пакеты

Наименование

rdiffweb

pip

Затронутые версииВерсия исправления

< 2.4.9

2.4.9

EPSS

Процентиль: 40%

0.00179

Низкий

5.3 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

CVE-2022-3326

Дефекты

CWE-521

Связанные уязвимости

CVE-2022-3326

CVSS3: 4.3

nvd

больше 3 лет назад

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

CVE-2022-3326

CVSS3: 4.3

debian

больше 3 лет назад

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...

EPSS

Процентиль: 40%

0.00179

Низкий

5.3 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

CVE-2022-3326

Дефекты

CWE-521