CVE-2023-49810
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2023-12-06 CVE Reserved
- 2024-01-10 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2025-01-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898 | 2024-08-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wwbn | Avideo | 15fed957fb | - | Affected |