Vulnerabilities > CVE-2022-3741 - Improper Restriction of Excessive Authentication Attempts vulnerability in Chatwoot

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

chatwoot

CWE-307

critical

NVD

Published: 2022-10-28

Updated: 2022-11-01

Summary

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Vulnerable Configurations

Part	Description	Count
Application	Chatwoot Chatwoot Chatwoot 0.1.0 Chatwoot Chatwoot 1.0.0 Chatwoot Chatwoot 1.0.1 Chatwoot Chatwoot 1.0.2 Chatwoot Chatwoot 1.0.3 Chatwoot Chatwoot 1.1.0 Chatwoot Chatwoot 1.1.1 Chatwoot Chatwoot 1.1.2 Chatwoot Chatwoot 1.1.3 Chatwoot Chatwoot 1.2.0 Chatwoot Chatwoot 1.2.1 Chatwoot Chatwoot 1.2.2 Chatwoot Chatwoot 1.2.3 Chatwoot Chatwoot 1.2.4 Chatwoot Chatwoot 1.3.0 Chatwoot Chatwoot 1.4.0 Chatwoot Chatwoot 1.4.1 Chatwoot Chatwoot 1.4.2 Chatwoot Chatwoot 1.5.0 Chatwoot Chatwoot 1.5.1 Chatwoot Chatwoot 1.5.2 Chatwoot Chatwoot 1.5.3 Chatwoot Chatwoot 1.6.0 Chatwoot Chatwoot 1.6.1 Chatwoot Chatwoot 1.6.2 Chatwoot Chatwoot 1.6.3 Chatwoot Chatwoot 1.7.0 Chatwoot Chatwoot 1.7.1 Chatwoot Chatwoot 1.7.2 Chatwoot Chatwoot 1.8.0 Chatwoot Chatwoot 1.9.0 Chatwoot Chatwoot 1.10.0 Chatwoot Chatwoot 1.11.0 Chatwoot Chatwoot 1.11.1 Chatwoot Chatwoot 1.12.0 Chatwoot Chatwoot 1.12.1 Chatwoot Chatwoot 1.12.2 Chatwoot Chatwoot 1.13.0 Chatwoot Chatwoot 1.13.1 Chatwoot Chatwoot 1.14.0 Chatwoot Chatwoot 1.14.1 Chatwoot Chatwoot 1.14.2 Chatwoot Chatwoot 1.14.3 Chatwoot Chatwoot 1.15.0 Chatwoot Chatwoot 1.15.1 Chatwoot Chatwoot 1.16.1 Chatwoot Chatwoot 1.16.2 Chatwoot Chatwoot 1.17.0 Chatwoot Chatwoot 1.17.1 Chatwoot Chatwoot 1.18.0 Chatwoot Chatwoot 1.18.1 Chatwoot Chatwoot 1.18.2 Chatwoot Chatwoot 1.19.0 Chatwoot Chatwoot 1.20.0 Chatwoot Chatwoot 1.21.0 Chatwoot Chatwoot 1.21.1 Chatwoot Chatwoot 1.22.0 Chatwoot Chatwoot 1.22.1 Chatwoot Chatwoot 2.0.0 Chatwoot Chatwoot 2.0.1 Chatwoot Chatwoot 2.0.2 Chatwoot Chatwoot 2.1.0 Chatwoot Chatwoot 2.1.1 Chatwoot Chatwoot 2.2.0 Chatwoot Chatwoot 2.2.1 Chatwoot Chatwoot 2.3.0 Chatwoot Chatwoot 2.3.1 Chatwoot Chatwoot 2.3.2 Chatwoot Chatwoot 2.4.0 Chatwoot Chatwoot 2.4.1 Chatwoot Chatwoot 2.5.0 Chatwoot Chatwoot 2.6.0 Chatwoot Chatwoot 2.7.0 Chatwoot Chatwoot 2.8.0 Chatwoot Chatwoot 2.8.1 Chatwoot Chatwoot 2.9.0 Chatwoot Chatwoot 2.9.1	77

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References