CVE-2023-47111

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Nov 8, 2023

Updated: Nov 16, 2023

CWE ID 362

Summary

CVE-2023-47111 affects ZITADEL's identity infrastructure, where the Lockout Policy feature allows administrators to limit the number of failed password attempts before locking a user account. However, an attacker was able to bypass this security measure by executing multiple parallel password checks, potentially trying out more combinations than the configured limit. This vulnerability has been addressed in versions 2.40.5 and 2.38.3 of ZITADEL's software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zitadel

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tNY6KT
https://www.cve.org/CVERecord?id=CVE-2023-47111
https://nvd.nist.gov/vuln/detail/CVE-2023-47111

Back to Vulnerability Database

CVE-2023-47111

CVSS 3.1 Score 3.7 of 10 (low)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations