OctoPrint does not have rate limiting on the login page
Low severity
GitHub Reviewed
Published Aug 16, 2022 to the GitHub Advisory Database • Updated Sep 1, 2023
Description
Published by the National Vulnerability Database: Aug 15, 2022
Published to the GitHub Advisory Database: Aug 16, 2022
Reviewed: Aug 18, 2022
Last updated: Sep 1, 2023
OctoPrint 1.7.3 and prior does not have rate limiting on the login page, making it possible for attackers to attempt brute force attacks. The severity of this issue is limited by OctoPrint normally running in a restricted LAN. The devel and maintenance branches of the repository have a fix that limits the rate of failed login attempts.
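The mitigation the advisory describes, throttling repeated failed login attempts, can be illustrated with a small sliding-window limiter. The following is an added example written for this page; it is not OctoPrint's code and does not reflect how the project's fix is implemented. The class, function names, the (client IP, username) key, the thresholds and the constructed credential store are all assumptions chosen for the illustration.

```python
"""Failed-login rate limiter: an added illustration of the mitigation
described in the advisory. This is NOT OctoPrint's code; it is a
self-contained, hypothetical example of throttling repeated failed logins."""

import time
from collections import defaultdict, deque


class LoginRateLimiter:
    """Track failed login attempts per (client, username) in a sliding
    window and refuse further attempts once a threshold is reached.

    max_failures:    failures allowed inside `window_seconds` before lockout
    window_seconds:  length of the sliding window
    lockout_seconds: how long attempts are refused after the threshold hits
    clock:           time source, injectable so tests are deterministic
    """

    def __init__(self, max_failures=5, window_seconds=60,
                 lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time when lockout ends

    def _prune(self, key, now):
        """Drop failure timestamps that fell out of the sliding window."""
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_allowed(self, client_ip, username):
        """Return True if a login attempt may be processed right now."""
        key = (client_ip, username)
        now = self.clock()
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                return False
            del self._locked_until[key]  # lockout has expired
        return True

    def record_failure(self, client_ip, username):
        """Note a failed attempt; return True if this triggered a lockout."""
        key = (client_ip, username)
        now = self.clock()
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            self._failures[key].clear()
            return True
        return False

    def record_success(self, client_ip, username):
        """A successful login clears the failure history for that key."""
        key = (client_ip, username)
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


def attempt_login(limiter, client_ip, username, password, check_password):
    """Gate a credential check behind the limiter.

    Returns "ok", "denied" or "throttled". The limiter is consulted
    *before* the password check, so a locked-out client learns nothing
    about whether the submitted password was right.
    """
    if not limiter.is_allowed(client_ip, username):
        return "throttled"
    if check_password(username, password):
        limiter.record_success(client_ip, username)
        return "ok"
    limiter.record_failure(client_ip, username)
    return "denied"


def simulate_guessing_run(attempts=8):
    """Constructed scenario: one client submits `attempts` wrong passwords
    one second apart, then the correct one after the lockout has expired.
    Returns the list of outcomes so the behaviour can be asserted on."""
    fake_now = [1000.0]
    limiter = LoginRateLimiter(max_failures=5, window_seconds=60,
                               lockout_seconds=300, clock=lambda: fake_now[0])
    # Constructed credential store for the demo only; real code checks a
    # password hash, never a plaintext comparison.
    users = {"admin": "correct-horse"}
    check = lambda u, p: users.get(u) == p

    outcomes = []
    for _ in range(attempts):
        outcomes.append(attempt_login(limiter, "192.0.2.10", "admin", "guess", check))
        fake_now[0] += 1.0   # one attempt per second
    fake_now[0] += 300.0     # wait out the lockout window
    outcomes.append(attempt_login(limiter, "192.0.2.10", "admin", "correct-horse", check))
    return outcomes
```

With the defaults above, the constructed run yields five "denied" results, three "throttled" results while the lockout is active, and finally "ok" once it has expired and the correct password is supplied. Keying on the (client IP, username) pair rather than the IP alone avoids locking out every user behind a shared NAT when one account is being guessed at, while still bounding the number of guesses any one client can make against a given account.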