Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot
Vulnerability Description
Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.
CVSS Information
N/A
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
chatwoot 安全漏洞
Vulnerability Description
chatwoot是一个应用软件。客户参与套件,对讲、Zendesk、Salesforce 服务云等的开源替代方案。 chatwoot 存在安全漏洞,该漏洞源于对于账户的生成,根据可用的系统资源量,可以在服务器中创建DoS事件,对于登录目录,有可能对任何一个登录门户进行暴力登录尝试,这可能导致帐户泄露。
CVSS Information
N/A
Vulnerability Type
N/A