Количество 3
Количество 3
CVE-2025-34249
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425.
GHSA-g889-qrp9-qwxw
Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try second-factor codes for a targeted account. By abusing the lack of enforcement, an attacker could eventually successfully authenticate to accounts protected by 2FA.
BDU:2025-15971
Уязвимость программного средства визуализации рабочего состояния ИТ-инфраструктуры предприятия Nagios Fusion, связанная с недостаточным ограничением попыток аутентификации, позволяющая нарушителю обойти существующие ограничения безопасности
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-34249 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425. | 3 месяца назад | ||
| GHSA-g889-qrp9-qwxw Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try second-factor codes for a targeted account. By abusing the lack of enforcement, an attacker could eventually successfully authenticate to accounts protected by 2FA. | CVSS3: 9.8 | 3 месяца назад | |
 | BDU:2025-15971 Уязвимость программного средства визуализации рабочего состояния ИТ-инфраструктуры предприятия Nagios Fusion, связанная с недостаточным ограничением попыток аутентификации, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 9.8 | 3 месяца назад |
Уязвимостей на страницу