Description
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, the otpLogin mutation does not implement rate limiting for One Time Password (OTP) attempts. Because no such limit exists, an attacker with valid credentials, or a malicious user who commits internal fraud, can break through the two-factor authentication and hijack the account. As of time of publication, it is unknown whether a patch is available.
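The missing control, sketched as an added example in JavaScript (this is not OpenCTI's code or its fix): a per-account limiter that counts failed OTP attempts in a time window and locks the account's OTP step once a threshold is reached. The class name, thresholds and the `verifyFn` callback are assumptions.

```javascript
// Added example; every name here is hypothetical and not taken from OpenCTI.
// Attempts are counted per account, not per IP address, because the caller
// already holds valid credentials and can change source address freely.
class OtpAttemptLimiter {
  constructor({ maxFailures = 5, windowMs = 5 * 60 * 1000,
                lockMs = 15 * 60 * 1000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockMs, now });
    // userId -> { failures: [timestamps], lockedUntil }
    // In-memory only: a multi-node deployment needs a shared store instead.
    this.state = new Map();
  }

  // verifyFn(userId, code) is the real OTP check (for example a TOTP library).
  // Returns { ok, reason } with reason 'verified', 'invalid' or 'locked'.
  attempt(userId, code, verifyFn) {
    const t = this.now();
    const s = this.state.get(userId) ?? { failures: [], lockedUntil: 0 };
    this.state.set(userId, s);

    // While locked, reject before calling verifyFn so that even a correct
    // guess is not confirmed to the caller.
    if (t < s.lockedUntil) return { ok: false, reason: 'locked' };

    // Keep only failures that are still inside the sliding window.
    s.failures = s.failures.filter((ts) => t - ts < this.windowMs);

    if (verifyFn(userId, code)) {
      this.state.delete(userId); // success clears the failure history
      return { ok: true, reason: 'verified' };
    }

    s.failures.push(t);
    if (s.failures.length >= this.maxFailures) {
      s.lockedUntil = t + this.lockMs;
      s.failures = [];
      return { ok: false, reason: 'locked' };
    }
    return { ok: false, reason: 'invalid' };
  }
}
```

A `locked` result is also a useful detection signal: repeated OTP failures after a successful password check indicate that the first factor is already compromised.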
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
| pypi | | >=0 <6.2.18 | 6.2.18 |