Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20170430182826.ovpqricwr7ucjtg7@eldamar.local>
Date: Sun, 30 Apr 2017 20:28:26 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: radicale: CVE-2017-8342: prone to timing oracles and simple
 bruteforce attacks

Hi

The following CVE assignment was done via the
https://cveform.mitre.org:

Radicale, a simple calendar and addressbook server, before 1.1.2 and
2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force
attacks when using the htpasswd authentication method.

References:
https://bugs.debian.org/861514
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst

CVE-2017-8342 was assigned for this issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.