rdiffweb contains Weak Password Requirements
High severity
GitHub Reviewed
Published
Sep 14, 2022
to the GitHub Advisory Database
•
Updated Oct 25, 2024
Description
Published by the National Vulnerability Database
Sep 13, 2022
Published to the GitHub Advisory Database
Sep 14, 2022
Reviewed
Sep 15, 2022
Last updated
Oct 25, 2024
rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.
References