New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
HIGH 7.5 PyPI

No protection against brute-force attacks on login page

GHSA-7968-h4m4-ghm9 · CVE-2023-25156

Published · Modified

Description

Impact

Previous versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt brute-force attacks against the login page.

Patches

Users should upgrade to v12.0 or later.

Workarounds

Users may install and configure a rate-limiting proxy in front of Kiwi TCMS. For example nginx.

References

Disclosed by spyata

Ready to move

Start Securing

Free, no credit card | First findings in minutes