Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PasswordPusher < 2.9.2 Passphrase Brute-Force via Unthrottled Endpoint
Vulnerability Description
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any push-level defense, making short or dictionary-derived passphrases practically recoverable within hours or days.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
pglombardo PasswordPusher 授权问题漏洞
Vulnerability Description
pglombardo PasswordPusher是pglombardo的密码推送工具。 pglombardo PasswordPusher 2.9.2之前版本存在授权问题漏洞,该漏洞源于POST /p/:token/access端点缺少路由特定的速率限制和每次推送锁定机制,可能导致知道推送令牌的攻击者系统性地猜测口令,每小时最多120次尝试,而不会触发任何推送级别的防御,使得短口令或基于字典的口令在数小时或数天内可被实际恢复。
CVSS Information
N/A
Vulnerability Type
N/A