Date: Sun, 30 Apr 2017 20:28:26 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks

Hi

The following CVE assignment was done via the https://cveform.mitre.org:

Radicale, a simple calendar and addressbook server, before 1.1.2 and
2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force
attacks when using the htpasswd authentication method.

References:

https://bugs.debian.org/861514
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst

CVE-2017-8342 was assigned for this issue.

Regards,
Salvatore