Vulnerability Description
privacyIDEA version 2.23.1 and earlier contains an Improper Input Validation vulnerability in the token validation API that can result in Denial-of-Service. This attack appears to be exploitable via an HTTP request with user=<space>&pass= to the /validate/check URL. This vulnerability appears to have been fixed in 2.23.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Privacyidea | Privacyidea | <= 2.23.1 |
Related Weaknesses (CWE)
References
- https://github.com/privacyidea/privacyidea/commit/a3edc09beffa2104f357fe24971ea3 (Patch, Third Party Advisory)
- https://github.com/privacyidea/privacyidea/issues/1227 (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2018-1000809?
CVE-2018-1000809 is a vulnerability with a CVSS score of 7.5 (HIGH). privacyIDEA version 2.23.1 and earlier contains an Improper Input Validation vulnerability in the token validation API that can result in Denial-of-Service. This attack appears to be exploitable via HTTP re...
How severe is CVE-2018-1000809?
CVE-2018-1000809 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-1000809?
Check the references section above for vendor advisories and patch information. Affected products include: Privacyidea Privacyidea.