rdiffweb contains Weak Password Requirements

GHSA-mp5p-g2jv-r8qw · CVE-2022-3179 · PYSEC-2022-272

Published Sep 14, 2022 · Modified Oct 25, 2024

Description

rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-3179
WEB https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5
ADVISORY https://github.com/advisories/GHSA-mp5p-g2jv-r8qw
PACKAGE https://github.com/ikus060/rdiffweb
WEB https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-272.yaml
WEB https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes