CVE-2022-37145

Published: Sep 8, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.

Affected (1)

Products: Plextrac: Plextrac

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plextrac Plextrac	Before 1.17.0

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (4)

http://plextrac.com

Source: cve@mitre.org

Product

https://www.controlgap.com/blog/a-plextrac-story

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

http://plextrac.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.controlgap.com/blog/a-plextrac-story

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.