Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue.

N/A

未加控制的资源消耗(资源穷尽)

Pterodactyl Panel 安全漏洞

Pterodactyl Panel是Pterodactyl开源的一个免费的开源游戏服务器管理面板。 Pterodactyl Panel 1.12.0之前版本存在安全漏洞，该漏洞源于WebSocket缺乏适当的速率限制和节流以及对消息总大小没有限制，可能导致恶意用户打开大量连接并发送大量数据，造成主机系统内存、CPU和网络过载。

N/A

N/A