Submission #383228: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-307: Improper Restriction of Excessive Authentication Attempts

Information

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-307: Improper Restriction of Excessive Authentication Attempts

Description:

NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38888: An issue in Horizon Business Services Inc. Caterease Software allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.

Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Local
Attack Type: CAPEC-49: Password Brute Forcing

Vulnerability Summary: Caterease Software lacks adequate controls to prevent excessive authentication attempts, making it susceptible to brute force attacks. The login mechanism in Caterease Software activates the "OK" button only when a correct password is entered, so a password can be tested without ever being sent to the server. Because the check is decided locally, an attacker can try password after password until the correct one is found, and the failed-attempt limits that would normally apply to a server-side login never come into play. Exploiting this flaw eventually yields unauthorized access to user accounts, compromising the confidentiality of user data and allowing actions within the application that may compromise data integrity.

CVSS Base Score: Medium Risk - 6.8
CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability Metrics
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged

Impact Metrics
Confidentiality (C): High
Integrity (I): Low
Availability (A): None
User: jTag Labs (UID 51246)
Submitted: 30/07/2024 04:58 PM (2 years ago)
Moderation: 01/08/2024 02:15 PM (2 days later)
Status: Approved
VulDB Entry: 273372 [Horizon Business Services Caterease up to 24.0.1.2405 Login information disclosure]
Points: 17
