CVE-2023-1665 PoC — Improper Restriction of Excessive Authentication Attempts in linagora/twake

Associated Vulnerability
Title: Improper Restriction of Excessive Authentication Attempts in linagora/twake (CVE-2023-1665)
Description: Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.
Description
CVE-2023-1665 - Twake App
Readme
# CVE-2023-1665 Brute Force on Twake App (Open Source Version of Microsoft Teams) < v2023.Q1.1223
***

## CVSS: 7.8

The collaboration app Twake (https://twake.app), in versions before v2023.Q1.1223, does not restrict unauthenticated login attempts, which allows brute-force attacks against the login page.

At the time of this report, Twake has over 1 million Docker Pulls (source: https://github.com/linagora/Twake).

- https://www.cve.org/CVERecord?id=CVE-2023-1665

- https://nvd.nist.gov/vuln/detail/CVE-2023-1665
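
The description above names the missing control. As an added example (not code from Twake or from the reporter), one way to restrict repeated attempts is a throttle keyed on both the targeted account and the client address. The class name, thresholds and in-memory store are assumptions for illustration.

```javascript
// Added example: failed-login throttle. Names and thresholds are assumptions, not Twake code.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, baseLockMs = 60 * 1000, maxLockMs = 60 * 60 * 1000 } = {}) {
    Object.assign(this, { maxFailures, windowMs, baseLockMs, maxLockMs });
    // key -> { failures: [timestamps], lockedUntil, lockCount }; in-memory only.
    this.state = new Map();
  }

  // Track the targeted account and the source address separately, so neither one
  // account hit from many addresses nor one address trying many accounts escapes.
  keys(account, ip) {
    return [`acct:${account.trim().toLowerCase()}`, `ip:${ip}`];
  }

  // Call before checking the password. Returns milliseconds to wait (0 = proceed).
  retryAfter(account, ip, now = Date.now()) {
    const waits = this.keys(account, ip).map((k) => (this.state.get(k)?.lockedUntil ?? 0) - now);
    return Math.max(0, ...waits);
  }

  // Call after a failed password check.
  recordFailure(account, ip, now = Date.now()) {
    for (const key of this.keys(account, ip)) {
      const e = this.state.get(key) ?? { failures: [], lockedUntil: 0, lockCount: 0 };
      e.failures = e.failures.filter((t) => now - t < this.windowMs);
      e.failures.push(now);
      if (e.failures.length >= this.maxFailures) {
        // Each repeated lock doubles in length, up to maxLockMs.
        e.lockedUntil = now + Math.min(this.maxLockMs, this.baseLockMs * 2 ** e.lockCount);
        e.lockCount += 1;
        e.failures = [];
      }
      this.state.set(key, e);
    }
  }

  // Call after a successful login. Only the account counter is cleared: the address
  // counter stays, so one valid login cannot reset the count for that address.
  recordSuccess(account) {
    this.state.delete(this.keys(account, "")[0]);
  }
}
```

An account-keyed lock can itself be used to keep a legitimate user out, which is why the lock here starts short and only grows on repetition. A deployment with more than one server process needs the counters in a shared store rather than this in-memory map.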

## Submitted through platform huntr.dev

- https://www.huntr.dev/bounties/db8fcbab-6ef0-44ba-b5c6-3b0f17ca22a2/

Vulnerability discovered and reported by Kevin Suckiel (@0xsu3ks) in January 2023.
 