5.0.2
6 years ago
11 days ago
Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Information Exposure due to the use of default credentials for the initial administrative account. An attacker can gain unauthorized administrative access by logging in with the known default username and password. How to fix Information Exposure? Upgrade | [,5.0.0) |
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Access Control Bypass due to improper restrictions in the How to fix Access Control Bypass? Upgrade | [,5.0.0) |
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Denial of Service (DoS) through the email reset process. An attacker can cause a user's mailbox to be flooded with emails and potentially impact the SMTP server by repeatedly triggering password or MFA reset requests. How to fix Denial of Service (DoS)? Upgrade | [,5.0.0) |
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Use of Single-factor Authentication through the password reset and 2FA token reset processes. An attacker can gain unauthorized access to user accounts by compromising the associated email account and using it to reset both the password and the 2FA token, effectively bypassing multi-factor authentication. How to fix Use of Single-factor Authentication? Upgrade | [,5.0.0) |