CVE-2023-1665 PoC — Twake Security Vulnerability

Associated Vulnerability
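Title: Twake Security Vulnerability (CVE-2023-1665)
Description: Twake is a secure open-source collaboration platform from LINAGORA that improves organizational productivity. linagora/twake version 2022.Q4.1120 has a security vulnerability caused by the lack of protection against brute-force attacks on the login page.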
Description
CVE-2023-1665 - Twake App
Readme
# CVE-2023-1665 Brute Force on Twake App (Open Source Version of Microsoft Teams) < v2023.Q1.1223
***

## CVSS: 7.8

The collaboration app Twake (https://twake.app) before version v2023.Q1.1223 does not restrict unauthenticated login attempts, which allows brute-force attacks against the login page.

At the time of this report, Twake has over 1 million Docker pulls (source: https://github.com/linagora/Twake).

- https://www.cve.org/CVERecord?id=CVE-2023-1665

- https://nvd.nist.gov/vuln/detail/CVE-2023-1665

## Submitted through platform huntr.dev

- https://www.huntr.dev/bounties/db8fcbab-6ef0-44ba-b5c6-3b0f17ca22a2/

Vulnerability discovered and reported by Kevin Suckiel (@0xsu3ks) in January 2023.
 