Vulnerabilities > CVE-2023-27172 - Improper Restriction of Excessive Authentication Attempts vulnerability in Xpand-It Write-Back Manager 2.3.1

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

xpand-it

CWE-307

critical

NVD

Published: 2023-12-20

Updated: 2024-01-02

Summary

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack.

Vulnerable Configurations

Part	Description	Count
Application	Xpand-It Xpand IT Write Back Manager 2.3.1	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://balwurk.github.io/CVE-2023-27172/