Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of Excessive Authentication Attempts in Sorcery
Vulnerability Description
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
Sorcery 安全漏洞
Vulnerability Description
Sorcery是一款身份验证软件包。 Sorcery 0.15.0之前版本中存在安全漏洞,该漏洞源于在锁定时间结束后,只有用户成功登陆,暴力破解攻击保护才会开启 。攻击者可利用该漏洞绕过暴力破解攻击保护。
CVSS Information
N/A
Vulnerability Type
N/A