Improper Restriction of Excessive Authentication Attempts in LibreNMS - CVE-2023-46745

 


Published: November 17, 2023 / Updated: May 5, 2026


Vulnerability identifier: #VU129751
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-46745
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: LibreNMS
Software vendor: LibreNMS Project

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper restriction of excessive authentication attempts in the login page authentication handler when processing GET-based authentication requests. A remote attacker can send repeated authentication requests to brute-force user accounts to disclose sensitive information.

One login method uses GET requests for authentication, which may expose submitted credentials in web server logs.
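
A log-review check for both issues described above, as an added example that is not part of the advisory or of LibreNMS: it finds GET requests that carry credential parameters and flags clients that send too many of them in a short window. The parameter names (username, password), the /login path, the Combined Log Format and the threshold values are assumptions; the advisory does not specify them.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names; the advisory does not name the real ones.
CRED_PARAMS = {"username", "password"}
# Combined Log Format: client address, timestamp, method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ip, ts, method, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(target)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return ip, when, method, parts.path, params

def find_get_logins(lines):
    """Yield (ip, time, path) for GET requests carrying credential parameters."""
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "GET" and rec[4].keys() & CRED_PARAMS:
            yield rec[0], rec[1], rec[3]  # the submitted values are never returned

def excessive_clients(events, limit=5, window=timedelta(minutes=1)):
    """Return IPs with more than `limit` credentialed GETs inside any `window`."""
    by_ip = defaultdict(list)
    for ip, when, _path in events:
        by_ip[ip].append(when)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 > limit:
                flagged.add(ip)
                break
    return flagged

# Constructed sample log (documentation IP ranges, placeholder path and values).
SAMPLE = [
    f'203.0.113.7 - - [17/Nov/2023:10:00:{s:02d} +0000] '
    f'"GET /login?username=admin&password=guess{s} HTTP/1.1" 302 0'
    for s in range(8)
] + ['198.51.100.4 - - [17/Nov/2023:10:01:00 +0000] "GET /overview HTTP/1.1" 200 512']
```

Any hit from find_get_logins also means the matching log files hold submitted credentials and should be handled as sensitive.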


Remediation

Install the security update from the vendor's website.
