← back
CVE-2018-11082

Cloud Foundry UAA MFA does not prevent brute force of MFA code

CVSS 6.6 MEDIUMEPSS 1.1%
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Cloud Foundry · UAACloud Foundry · UAA Release

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cloudfoundry.org/blog/cve-2018-11082/