CVE-2017-15887

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085…

synology·CWE-307·Published 2017-11-07

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

211 chars

An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

NVDen

211 chars

NVDes

262 chars

Una vulnerabilidad de restricción indebida de intentos excesivos de autenticación en /principals en Synology CardDAV Server en versiones anteriores a la 6.0.7-0085 permite que atacantes remotos obtengan credenciales de usuario mediante un ataque de fuerza bruta.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H