CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.
References
Configurations
No configuration.
History
06 Mar 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-06 18:15
Updated : 2024-03-06 21:42
NVD link : CVE-2024-24767
Mitre link : CVE-2024-24767
CVE.ORG link : CVE-2024-24767
JSON object : View
Products Affected
No product.
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts