Improper Restriction of Excessive Authentication Attempts Affecting github.com/greenpau/caddy-security package, versions *
Threat Intelligence
EPSS
0.05% (17th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864
- published 16 Feb 2024
- disclosed 18 Sep 2023
- credit Maciej Domanski, Travis Peters, David Pokora
Introduced: 18 Sep 2023
CVE-2024-21500 Open this link in a new tabHow to fix?
There is no fixed version for github.com/greenpau/caddy-security
.
Overview
github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2.
Affected versions of this package are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.
References
CVSS Scores
version 3.1