Vulnerabilities > CVE-2018-11082 - Improper Restriction of Excessive Authentication Attempts vulnerability in Pivotal Software Cloudfoundry UAA and Cloudfoundry UAA Release
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.