CVE-2024-55008 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their a…
High CVSS: 7.5

CVE-2024-55008

JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges.
Vendor
Jatos
Product
Jatos
CWE
CWE-307
Yayın Tarihi
2025-01-07 16:15:36
Güncelleme
2025-06-24 00:19:17
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-307 Jatos HIGH Jatos 2025

Referanslar

http://jatos.com https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-4-account-lockout-denial-of-service-cc970f4ca58f https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-4-account-lockout-denial-of-service-cc970f4ca58f