A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
History

Tue, 03 Dec 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
CPEs cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*

Thu, 17 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
Title quay: Quay allows successful authentication with trucated version of the password Quay: quay allows successful authentication with trucated version of the password
First Time appeared Redhat
Redhat quay
CPEs cpe:/a:redhat:quay:3
Vendors & Products Redhat
Redhat quay
References

Thu, 10 Oct 2024 02:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title quay: Quay allows successful authentication with trucated version of the password
Weaknesses CWE-305
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-17T14:08:57.482Z

Updated: 2024-11-27T18:54:53.220Z

Reserved: 2024-10-09T12:30:10.219Z

Link: CVE-2024-9683

cve-icon Vulnrichment

Updated: 2024-10-17T14:35:58.257Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-17T15:15:13.850

Modified: 2024-12-03T16:14:52.690

Link: CVE-2024-9683

cve-icon Redhat

Severity : Low

Publid Date: 2024-10-09T00:00:00Z

Links: CVE-2024-9683 - Bugzilla