Vulnerabilities > CVE-2017-15887 - Improper Restriction of Excessive Authentication Attempts vulnerability in Synology Carddav Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
synology
CWE-307
NVD
Published: 2017-11-07
Updated: 2019-10-09

Summary

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

Vulnerable Configurations

Part Description Count
Application
Synology
11

Common Weakness Enumeration (CWE)

References