Overview
- Description
- A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.5
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- secalert@redhat.com
- CWE-305
Social media
- Hype score
- Not currently trending
CVE-2024-9683 Password Truncation Weakens Authentication in Quay, Allowing Exploitation A vulnerability in Quay lets users authenticate with a shortened version of their password. This flaw affects how passwords ... https://t.co/pBzSjwGtEU
@VulmonFeeds
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta de Vulnerabilidad! 🚨 Se ha identificado la vulnerabilidad CVE-2024-9683 en Quay. Esta falla permite autenticación exitosa incluso cuando se proporciona una versión truncada de la contraseña, afectando así el mecanismo de autenticación y reduciendo la seguridad… https
@antu_tech
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes