5.3
CVE-2022-44022
- EPSS 0.17%
- Veröffentlicht 30.10.2022 00:15:10
- Zuletzt bearbeitet 07.05.2025 14:15:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pwndoc Project ≫ Pwndoc Version <= 0.5.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.38 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.