Vulnerabilities > CVE-2014-9006 - Credentials Management vulnerability in Monstra
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/129082/monstra-bypass.txt |
| id | PACKETSTORM:129082 |
| last seen | 2016-12-05 |
| published | 2014-11-12 |
| reporter | Paulos Yibelo |
| source | https://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html |
| title | Monstra 3.0.1 Bruteforce Mitigation Bypass |