| 제목 | GitHub OpnForm 1.9.3 Authentication Bypass by Spoofing |
|---|
| 설명 | Title: Login Form Susceptible to Brute-Force Protection Bypass
Description: Brute-force protections can be bypassed by adding an X-Forwarded-For header, spoofing the attacker’s IP address.
The vulnerability has confirmed by the vendor to have been patched in v1.9.3 main branch with commit 11e99960e14ca986b1a001a56e7533223d2cfa5b.
Please see the attached Google Doc link for more information under 8. Login Form Susceptible to Brute-Force Protection Bypass and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5b |
|---|
| 원천 | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3 |
|---|
| 사용자 | balejin (UID 89385) |
|---|
| 제출 | 2025. 10. 01. PM 09:09 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 07. PM 03:17 (6 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 327378 [JhumanJ OpnForm 까지 1.9.3 HTTP Header X-Forwarded-For 정보 공개] |
|---|
| 포인트들 | 20 |
|---|