Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp`
Vulnerability Description
Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, the Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or a data breach) can brute-force the 6-digit TOTP code to completely bypass two-factor authentication. The TOTP verification session persists for 24 hours (default cache TTL), providing an excessive window during which the full 1,000,000-code keyspace (000000–999999) can be exhausted. At practical request rates (~500 req/s), the attack completes in approximately 33 minutes in the worst case. This vulnerability is fixed in 4.8.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Restriction of Excessive Authentication Attempts
Vulnerability Title
Runtipi security vulnerability
Vulnerability Description
Runtipi is an open-source home server orchestrator from Runtipi. Versions of Runtipi prior to 4.8.1 contain a security vulnerability that stems from the /api/auth/verify-totp endpoint not enforcing any rate limiting or account lockout mechanism, which may allow an attacker to brute-force the 6-digit TOTP code and fully bypass two-factor authentication.
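The two descriptions above name three missing controls (attempt counting, lockout, and a bounded verification-session lifetime). The following is an added TypeScript example, not Runtipi's own code, showing a pending-login guard that applies all three; the class, method names and limits are hypothetical, and the real TOTP check is injected as a callback so the example runs offline.

```typescript
// Added example (hypothetical names; not Runtipi's code): a guard for the TOTP
// step of a login that counts attempts, locks after too many failures and
// expires the pending login quickly instead of keeping it alive for 24 hours.

const MAX_ATTEMPTS = 5;               // failed codes allowed before a lock
const LOCKOUT_MS = 60 * 1000;         // lock duration after MAX_ATTEMPTS failures
const SESSION_TTL_MS = 5 * 60 * 1000; // pending login lives 5 minutes, not 24 hours
// With these limits a single password-authenticated session allows roughly
// MAX_ATTEMPTS per (LOCKOUT_MS) window over SESSION_TTL_MS, i.e. about 25 guesses
// against a 1,000,000-code keyspace before the attacker must re-authenticate.

type PendingLogin = { userId: string; createdAt: number; attempts: number; lockedUntil: number };
type VerifyResult = "ok" | "invalid_code" | "locked" | "expired";

class TotpGuard {
  private pending = new Map<string, PendingLogin>();

  // isValidCode is the real TOTP check (e.g. an otplib/speakeasy verify); injected here.
  constructor(private readonly isValidCode: (userId: string, code: string) => boolean) {}

  // Called after the password step succeeds; `now` is a millisecond timestamp.
  startPending(sessionId: string, userId: string, now: number): void {
    this.pending.set(sessionId, { userId, createdAt: now, attempts: 0, lockedUntil: 0 });
  }

  verify(sessionId: string, code: string, now: number): VerifyResult {
    const p = this.pending.get(sessionId);
    if (!p || now - p.createdAt > SESSION_TTL_MS) {
      this.pending.delete(sessionId); // stale pending logins are dropped, never extended
      return "expired";
    }
    if (now < p.lockedUntil) return "locked"; // even a correct code is refused while locked
    p.attempts += 1; // count before checking, so every request costs an attempt
    if (/^\d{6}$/.test(code) && this.isValidCode(p.userId, code)) {
      this.pending.delete(sessionId); // a success consumes the pending login
      return "ok";
    }
    if (p.attempts >= MAX_ATTEMPTS) {
      p.lockedUntil = now + LOCKOUT_MS;
      p.attempts = 0;
      return "locked";
    }
    return "invalid_code";
  }
}
```

In a real deployment the pending-login map would live in the shared cache the sessions already use, and lock events should be logged as a brute-force signal.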
CVSS Information
N/A
Vulnerability Type
N/A