Description
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
rdiffweb prior to 2.5.0a4 has no rate limit on incorrect password attempts, which allows attackers to guess passwords by brute force. Version 2.5.0a4 limits the number of incorrect password attempts.
Packages
Name: rdiffweb (pip)
Affected versions: < 2.5.0
Fixed version: 2.5.0
Related vulnerabilities
CVSS3: 9.8
nvd
more than 3 years ago
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVSS3: 9.8
debian
more than 3 years ago
Allocation of Resources Without Limits or Throttling in GitHub reposit ...