CVE-2023-26756
N/A
N/A
Summary
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html
- https://www.esecforte.com/login-page-brute-force-attack/
- http://seclists.org/fulldisclosure/2024/Apr/27
- https://www.revive-adserver.com/security/response-to-cve-2023-26756/
References
- https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html
- https://www.esecforte.com/login-page-brute-force-attack/
- http://seclists.org/fulldisclosure/2024/Apr/27
- https://www.revive-adserver.com/security/response-to-cve-2023-26756/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.