OpenCVE

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Checkmk	Checkmk

No data.

No data.

References

Link	Providers
https://checkmk.com/werk/15198

History

No history.

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2024-04-24T11:25:36.306Z

Updated: 2024-08-02T00:56:58.650Z

Reserved: 2024-03-11T13:21:43.122Z

Link: CVE-2024-28825

Vulnrichment

Updated: 2024-04-24T14:30:12.652Z

NVD

Status : Awaiting Analysis

Published: 2024-04-24T12:15:06.887

Modified: 2024-11-21T09:07:00.360

Link: CVE-2024-28825

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28825", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-03-11T13:21:43.122Z", "datePublished": "2024-04-24T11:25:36.306Z", "dateUpdated": "2024-08-02T00:56:58.650Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p43", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing."}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49: Password Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-04-24T11:25:36.306Z"}, "references": [{"url": "https://checkmk.com/werk/15198"}], "title": "Brute-force protection ineffective for some login methods"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-24T14:27:40.480273Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.0.0p39", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p43", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p26", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0b5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:03:50.090Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.650Z"}, "title": "CVE Program Container", "references": [{"url": "https://checkmk.com/werk/15198", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28825", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2024-03-11T13:21:43.122Z", "datePublished": "2024-04-24T11:25:36.306Z", "dateUpdated": "2024-06-04T18:03:50.090Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.3.0b5", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p26", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThan": "2.1.0p43", "status": "affected", "version": "2.1.0", "versionType": "semver"}, {"lessThanOrEqual": "2.0.0p39", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing."}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49: Password Brute Forcing"}]}], "metrics": [{"cvssV3_1": {"baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2024-04-24T11:25:36.306Z"}, "references": [{"url": "https://checkmk.com/werk/15198"}], "title": "Brute-force protection ineffective for some login methods"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-24T14:27:40.480273Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkmk:checkmk:2.0.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.0.0p39", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.1.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.1.0", "lessThan": "2.1.0p43", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p26", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"], "vendor": "checkmk", "product": "checkmk", "versions": [{"status": "affected", "version": "2.3.0", "lessThan": "2.3.0b5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-24T14:30:12.652Z"}, "title": "CISA ADP Vulnrichment"}]}}