CVE-2020-15115
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 29 |
OS | | 1 |
References
- https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/