Vulnerabilities > CVE-2020-29042 - Improper Restriction of Excessive Authentication Attempts vulnerability in Bigbluebutton 2.2.26

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

high complexity

bigbluebutton

CWE-307

NVD

Published: 2020-11-26

Updated: 2020-11-29

Summary

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.

Vulnerable Configurations

Part	Description	Count
Application	Bigbluebutton Bigbluebutton Bigbluebutton 2.2.26	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://cxsecurity.com/issue/WLB-2020110210
https://github.com/bigbluebutton/bigbluebutton/releases
http://packetstormsecurity.com/files/160238/BigBlueButton-2.2.29-Brute-Force.html