Submission #383228: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-307: Improper Restriction of Excessive Authentication Attempts

Information

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-307: Improper Restriction of Excessive Authentication Attempts

Description:

NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38888: An issue in Horizon Business Services Inc. Caterease Software allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.

Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Local
Attack Type: CAPEC-49: Password Brute Forcing

Vulnerability Summary: Caterease Software lacks adequate controls to prevent excessive authentication attempts, making it susceptible to brute force attacks. The login mechanism in Caterease Software activates the "OK" button only when a correct password is entered, allowing attackers to test passwords without actually sending them to the server. This design flaw enables attackers to systematically try numerous password combinations until they find the correct one, effectively bypassing standard security measures that should limit failed login attempts. By exploiting this vulnerability, attackers can eventually gain unauthorized access to user accounts, leading to significant security risks. Unauthorized access allows attackers to compromise the confidentiality of user data and perform actions within the application that may compromise data integrity.

CVSS Base Score: Medium Risk - 6.8
CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability Metrics
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged

Impact Metrics
Confidentiality (C): High
Integrity (I): Low
Availability (A): None

User: jTag Labs (UID 51246)
Submission: 2024-07-30 16:58 (2 years ago)
Moderation: 2024-08-01 14:15 (2 days later)
Status: Accepted
VulDB entry: 273372 [Horizon Business Services Caterease up to 24.0.1.2405 Login information disclosure]
Points: 17
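The weakness described in the submission is a login form that decides on the client whether the password is correct, so the server never observes a failed attempt and cannot enforce any limit. The example below is added here to illustrate the defensive pattern; it is not code from Caterease, Horizon Business Services or VulDB. It keeps the password verifier on the server, compares in constant time, and counts consecutive failures per account, refusing further attempts for a lockout period once a threshold is reached. The threshold (5 failures), lockout window (15 minutes), PBKDF2 iteration count, and the `AuthService` API are all assumed policy choices for the illustration, not values from the advisory.

```python
"""Server-side authentication gate with failed-attempt limiting.

Illustrative example, not the vendor's or VulDB's code. The verifier never
leaves the server, so a password guess can only be tested by sending it,
and every failed attempt is counted and logged.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

MAX_FAILURES = 5           # assumed policy: lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60  # assumed policy: 15-minute lockout
# Kept modest so the example runs quickly; production deployments should use
# a substantially higher PBKDF2 iteration count (OWASP suggests 600,000).
PBKDF2_ITERATIONS = 200_000


@dataclass
class Account:
    salt: bytes
    verifier: bytes           # PBKDF2-HMAC-SHA256 of the password; never sent to the client
    failures: int = 0         # consecutive failed attempts
    locked_until: float = 0.0 # monotonic timestamp; 0 means not locked


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AuthService:
    """Hypothetical service: the client submits credentials and receives only a verdict."""

    def __init__(self, clock=time.monotonic):
        self._accounts: dict[str, Account] = {}
        self._clock = clock            # injectable for testing lockout expiry
        self.audit: list[str] = []     # every outcome is recorded server-side

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = Account(salt=salt, verifier=_derive(password, salt))

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'. This verdict is all the client ever learns."""
        now = self._clock()
        acct = self._accounts.get(username)
        if acct is None:
            # Unknown user: do the same amount of work so response time does not
            # reveal which usernames exist.
            _derive(password, b"\x00" * 16)
            self.audit.append(f"denied user={username!r} reason=unknown_user")
            return "denied"
        if now < acct.locked_until:
            self.audit.append(f"locked user={username!r} reason=lockout_active")
            return "locked"
        if hmac.compare_digest(_derive(password, acct.salt), acct.verifier):
            acct.failures = 0
            self.audit.append(f"ok user={username!r}")
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            self.audit.append(f"locked user={username!r} reason=too_many_failures")
            return "locked"
        self.audit.append(f"denied user={username!r} failures={acct.failures}")
        return "denied"


def demo() -> list[str]:
    """Walk through a guessing run against a constructed account with a fake clock."""
    t = [0.0]
    svc = AuthService(clock=lambda: t[0])
    svc.register("alice", "correct horse battery staple")   # constructed sample account
    results = [svc.login("alice", f"guess-{i}") for i in range(MAX_FAILURES)]
    # The right password is refused while the lockout is active ...
    results.append(svc.login("alice", "correct horse battery staple"))
    # ... and accepted again once the window has passed.
    t[0] += LOCKOUT_SECONDS + 1
    results.append(svc.login("alice", "correct horse battery staple"))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Each `login` call is a round trip the server sees and records, so the `audit` list gives a detection engineer the per-account failure stream that a client-side check never produces.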
