oss-sec mailing list archives
web2py: CVE-2016-10321: does not check if a host is denied before verifying passwords
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 10 Apr 2017 17:08:12 +0200
Hi

CVE-2016-10321 was assigned (via cveform.mitre.org) to the following issue in web2py:

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.

Fixing commit: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426

Regards,
Salvatore
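The ordering problem described in the advisory above, as an added illustration that is not part of the original post and is not web2py's code: a login path that verifies the password without consulting the deny state, next to one that refuses a denied host before the password is examined. The `LoginGuard` class, its method names, the threshold and the lockout window are all assumptions made for this sketch.

```python
import hashlib, hmac, time

MAX_ATTEMPTS = 3        # assumed lockout threshold
LOCKOUT_SECONDS = 300   # assumed lockout window

class LoginGuard:
    """Hypothetical per-host lockout in front of a single admin password."""

    def __init__(self, password, now=time.time):
        self._salt = b"constructed-salt"   # constructed sample value
        self._hash = self._derive(password)
        self._failures = {}                # host -> (count, last failure time)
        self._now = now
        self.verifications = 0             # password checks actually performed

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)

    def _verify(self, candidate):
        self.verifications += 1
        return hmac.compare_digest(self._derive(candidate), self._hash)

    def is_denied(self, host):
        count, last = self._failures.get(host, (0, 0.0))
        return count >= MAX_ATTEMPTS and self._now() - last < LOCKOUT_SECONDS

    def _record(self, host, ok):
        if ok:
            self._failures.pop(host, None)
        else:
            count, _ = self._failures.get(host, (0, 0.0))
            self._failures[host] = (count + 1, self._now())

    def login_flawed(self, host, candidate):
        # Password is verified with no deny check, so a locked-out host
        # keeps getting a yes/no answer for every guess.
        ok = self._verify(candidate)
        self._record(host, ok)
        return ok

    def login_checked(self, host, candidate):
        # Deny check first: a locked-out host is refused before the
        # password is looked at, even when the guess is correct.
        if self.is_denied(host):
            return False
        ok = self._verify(candidate)
        self._record(host, ok)
        return ok
```

The `verifications` counter makes the difference observable: on the checked path it stops increasing once a host is denied, which is the property a regression test for this class of bug should assert.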