
List:       oss-security
Subject:    [oss-security] radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2017-04-30 18:28:26
Message-ID: 20170430182826.ovpqricwr7ucjtg7 () eldamar ! local

Hi

The following CVE assignment was done via the
https://cveform.mitre.org:

Radicale, a simple calendar and addressbook server, before 1.1.2 and
2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force
attacks when using the htpasswd authentication method.

References:
https://bugs.debian.org/861514
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst

CVE-2017-8342 was assigned for this issue.

Regards,
Salvatore
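
Added example, not part of the original message and not taken from the referenced Radicale commits: one way an htpasswd check can avoid the two problems the advisory names, using a constant-time comparison that runs for unknown users as well, and a limit on repeated failures. The names HtpasswdAuth, sha_entry, parse_htpasswd and the sample file are hypothetical, and the "{SHA}" entry format is assumed only because it needs nothing beyond the standard library.

```python
import base64
import hashlib
import hmac
import time

def sha_entry(password):
    # "{SHA}" htpasswd format: base64 of the SHA-1 digest (stdlib-only choice here)
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

# Constructed sample file, not taken from the advisory.
SAMPLE_HTPASSWD = "alice:%s\nbob:%s\n" % (sha_entry("correct horse"), sha_entry("hunter2"))
# Compared against when the user is unknown, so both cases do the same work.
DUMMY_HASH = sha_entry("\x00 no such user \x00")

def parse_htpasswd(text):
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, hash_value = line.split(":", 1)
            users[user] = hash_value
    return users

class HtpasswdAuth:
    def __init__(self, users, max_failures=5, window=300.0, clock=time.monotonic):
        self.users, self.clock = users, clock
        self.max_failures, self.window = max_failures, window
        self.failures = {}  # user -> timestamps of recent failed logins

    def is_throttled(self, user):
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        if recent:
            self.failures[user] = recent
        else:
            self.failures.pop(user, None)
        return len(recent) >= self.max_failures

    def login(self, user, password):
        if self.is_throttled(user):
            return False
        stored = self.users.get(user, DUMMY_HASH)
        # compare_digest does not stop at the first differing byte, unlike ==
        match = hmac.compare_digest(stored.encode(), sha_entry(password).encode())
        ok = match and user in self.users
        if not ok:
            self.failures.setdefault(user, []).append(self.clock())
        return ok
```

The failure limit also applies to a correct password while it is in effect, so the window and threshold need to be chosen with account lockout in mind.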