A vulnerability has been found in Firefly III (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown code. The bugfix is ready for download at github.com.
Description
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks. The CWE definition for the vulnerability is CWE-307.
| CVE-ID | CVE-2021-3663 |
|---|---|
| Risk Score | 5.3 |
| Severity rating: | MEDIUM |
| CVSS Vector: | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Product | Firefly III |
| Remote Access | No |
Basic Matrices
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | Low |
| Integrity Impact: | Low |
| Availability Impact: | Low |
| Risk: | Medium |
Mitigation
Applying a patch is able to eliminate this problem
