CVE-2023-26756 - Improper Restriction of Excessive Authentication Attempts vulnerability in Revive Adserver 5.4.1
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
NETWORK | LOW | NONE | HIGH | NONE | NONE |
Summary
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- http://seclists.org/fulldisclosure/2024/Apr/27
- https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html
- https://www.esecforte.com/login-page-brute-force-attack/
- https://www.revive-adserver.com/security/response-to-cve-2023-26756/