logo

Database

Weak credential policy In rdiffweb

Description

rdiffweb allows a new password to be the same as the previous password rdiffweb prior to 2.5.0a4 allows users to set their new password to be the same as the old password during a password reset. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-33762. NVD-2022-33763. OSV-2022-33764. GCVE-2022-3376

References

1. https://github.com/ikus060/rdiffweb/commit/2ffc2af65c8f8113b06e0b89929c604bcdf844b92. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43157.yaml3. https://huntr.dev/bounties/a9021e93-6d18-4ac1-98ce-550c4697a4ed

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.