Vulnerabilities > CVE-2014-9006 - Credentials Management vulnerability in Monstra
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/129082/monstra-bypass.txt |
id | PACKETSTORM:129082 |
last seen | 2016-12-05 |
published | 2014-11-12 |
reporter | Paulos Yibelo |
source | https://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html |
title | Monstra 3.0.1 Bruteforce Mitigation Bypass |