Vulnerabilities > CVE-2024-45589 - Improper Restriction of Excessive Authentication Attempts vulnerability in Identityautomation Rapididentity

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

identityautomation

CWE-307

NVD

Published: 2024-09-05

Updated: 2024-09-12

Summary

RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.

Vulnerable Configurations

Part	Description	Count
Application	Identityautomation Identityautomation Rapididentity *	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://help.rapididentity.com/docs/rapididentity-lts-release-notes
https://benrogozinski.github.io/CVE-2024-45589/