Количество 2
Количество 2
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
GHSA-9358-cpvx-c2qp
Magento LTS's guest order "protect code" can be brute-forced too easily
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-41879 Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-9358-cpvx-c2qp Magento LTS's guest order "protect code" can be brute-forced too easily | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу