Improper Restriction of Excessive Authentication Attempts Affecting github.com/greenpau/caddy-security package, versions *


0.0
medium

Snyk CVSS

    Attack Complexity High

    Threat Intelligence

    EPSS 0.05% (14th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864
  • published 16 Feb 2024
  • disclosed 18 Sep 2023
  • credit Maciej Domanski, Travis Peters, David Pokora

How to fix?

There is no fixed version for github.com/greenpau/caddy-security.

Overview

github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2.

Affected versions of this package are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.

References