phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
https://cwe.mitre.org/data/definitions/307.html →Open in CWE collection →https://capec.mitre.org/data/definitions/16.html →Open in CAPEC collection →
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.
https://capec.mitre.org/data/definitions/49.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/560.html →Open in CAPEC collection →
https://capec.mitre.org/data/definitions/565.html →Open in CAPEC collection →
https://capec.mitre.org/data/definitions/600.html →Open in CAPEC collection →
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
https://capec.mitre.org/data/definitions/652.html →Open in CAPEC collection →An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.
https://capec.mitre.org/data/definitions/653.html →Open in CAPEC collection →