CVE-2023-2160: Modoboa has Weak Password Requirements
(updated )
Modoboa 2.0.5 and prior allows users to set unsafe passwords, such as 1 or HACK. This issue is fixed in commit 130257c96a2392ada795785a91178e656e27015c and is part of version 2.1.0.
References
- github.com/advisories/GHSA-9gxx-32p7-ff7m
- github.com/modoboa/modoboa
- github.com/modoboa/modoboa/commit/130257c96a2392ada795785a91178e656e27015c
- github.com/pypa/advisory-database/tree/main/vulns/modoboa/PYSEC-2023-34.yaml
- huntr.dev/bounties/54fb6d6a-6b39-45b6-b62a-930260ba484b
- nvd.nist.gov/vuln/detail/CVE-2023-2160
Detect and mitigate CVE-2023-2160 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →