CVE-2024-21500: Improper Restriction of Excessive Authentication Attempts
(updated )
All versions of the package github.com/greenpau/caddy-security is vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.
References
Detect and mitigate CVE-2024-21500 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →