Vulnerability Description
RATCF is an open-source framework for hosting cyber-security Capture the Flag events. In affected versions of RATCF, users with multi-factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ratcf | Ratcf | < 2021-02-26 |
Related Weaknesses (CWE)
References
- https://github.com/ractf/core/commit/c57a4d186bfc586ad3edfe4dcba9f11efbf22f09#di (Patch, Third Party Advisory)
- https://github.com/ractf/core/commit/cebb67bd16a8296121201805332365ffccb29638 (Patch, Third Party Advisory)
- https://github.com/ractf/core/security/advisories/GHSA-fw57-f7mq-9q85 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-21329?
CVE-2021-21329 is a vulnerability with a CVSS score of 8.7 (HIGH). RATCF is an open-source framework for hosting cyber-security Capture the Flag events. In affected versions of RATCF, users with multi-factor authentication enabled are able to log in without a valid to...
How severe is CVE-2021-21329?
CVE-2021-21329 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21329?
Check the references section above for vendor advisories and patch information. Affected products include: Ratcf Ratcf.