CVE-2023-32657

Last Updated: April 8, 2024

CVE ID: CVE-2023-32657

Published: 2024-04-08

Severity: Medium

Affected Products

Vendor: Weintek

Product: Weincloud Account API: Versions 0.13.6 and prior

Vulnerability Description

The affected product could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.

This vulnerability represents an improper restriction of excessive authentication attempts issue in the Weincloud Account API.

Solution & Remediation

Fixed in version: v0.13.8

Credit

Hank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com

← Back to PSIRT