关联漏洞
介绍
# CVE-2025-56221 Improper Restriction of Excessive Authentication Attempts
Description
An attacker can make unlimited authentication attempts, increasing the risk of compromising targeted user accounts through password guessing.
------------------------------------------
CVSS Score: 7.5 (High)
------------------------------------------
Attack Type
* Remote (Authenticated)
------------------------------------------
Affected Versions
* Versions before <= 8.6.8
------------------------------------------
Vendor of Product
* Ascertia
------------------------------------------
Affected Product Code Base
* SigningHub
------------------------------------------
Affected Component
* Authentication API (/authenticate).
------------------------------------------
Mitigations
* Implement rate-limit/cooldown period for the authentication API.
------------------------------------------
Vulnerability Details
* The authentication API does not enforce rate limiting on login attempts, allowing an attacker to repeatedly try different password combinations without restriction. This can lead to brute-force attacks, where an attacker systematically guesses user credentials to gain unauthorized access to accounts.
Without proper rate limiting or account lockout mechanisms, the system becomes highly susceptible to automated attacks, especially when combined with leaked or commonly used passwords.
------------------------------------------
Fixed versions
* Versions after > 8.6.8
------------------------------------------
Discovered By:
* Yazan Abu-Nadi
文件快照
[4.0K] /data/pocs/55e30e5c407ab7827ba7ef50de112f5bf1936854
└── [1.6K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。