Vulnerability Details CVE-2023-26756
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v3 Score 7.5
References
- http://seclists.org/fulldisclosure/2024/Apr/27
- https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html
- https://www.esecforte.com/login-page-brute-force-attack/
- https://www.revive-adserver.com/security/response-to-cve-2023-26756/
- http://seclists.org/fulldisclosure/2024/Apr/27
- https://googleinformationsworld.blogspot.com/2023/04/revive-adserver-541-vulnerable-to-brute.html
- https://www.esecforte.com/login-page-brute-force-attack/
- https://www.revive-adserver.com/security/response-to-cve-2023-26756/