CVE-2022-37144

Published: Sep 8, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.

Affected (1)

Products: Plextrac: Plextrac

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plextrac Plextrac	Before 1.17.0

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (4)

http://plextrac.com

Source: cve@mitre.org

Product

https://www.controlgap.com/blog/a-plextrac-story

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

http://plextrac.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.controlgap.com/blog/a-plextrac-story

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.