A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
History
Tue, 03 Dec 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-287 | |
CPEs | cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* |
Thu, 17 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 17 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future. |
Title | quay: Quay allows successful authentication with truncated version of the password | Quay: quay allows successful authentication with truncated version of the password |
First Time appeared | Redhat, Redhat quay |
CPEs | cpe:/a:redhat:quay:3 | |
Vendors & Products | Redhat, Redhat quay |
References | |
Thu, 10 Oct 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | quay: Quay allows successful authentication with truncated version of the password | |
Weaknesses | CWE-305 | |
References | |
Metrics | threat_severity, cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-17T14:08:57.482Z
Updated: 2024-11-27T18:54:53.220Z
Reserved: 2024-10-09T12:30:10.219Z
Link: CVE-2024-9683
Vulnrichment
Updated: 2024-10-17T14:35:58.257Z
NVD
Status: Analyzed
Published: 2024-10-17T15:15:13.850
Modified: 2024-12-03T16:14:52.690
Link: CVE-2024-9683