How severe is CVE-2023-47111?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2023-47111?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2023-47111 - LOW Severity | CVSS 3.7

Vulnerability Description

ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.

Related Vulnerabilities

CVE-2011-1075

LOW

CVSS:3.7(Low)

FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, wh...

CWE-3622011

CVE-2018-3759

LOW

CVSS:3.7(Low)

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can t...

CWE-3622018

CVE-2020-11810

LOW

CVSS:3.7(Low)

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arriv...

CWE-3622020

CVE-2020-27746

LOW

CVSS:3.7(Low)

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc...

CWE-3622020

CVE-2021-36994

LOW

CVSS:3.7(Low)

There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions w...

CWE-3622021

CVE-2021-37073

LOW

CVSS:3.7(Low)

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the detection result is tampered with.

CWE-3622021