Improper control of interaction frequency in Joomla!

#VU76654 Improper control of interaction frequency in Joomla!

Published: 2023-05-30

Vulnerability identifier: #VU76654

Vulnerability risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23755

CWE-ID: CWE-799

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Joomla!
Web applications / CMS

Vendor: Joomla!

Description

The vulnerability allows a remote attacker to perform brute-force attack.

The vulnerability exists due to missing rate limitation checks within the mfa screen. A remote attacker can perform brute-force attacks against MFA methods.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Joomla!: 4.3.0 - 4.3.1, 4.2.0 - 4.2.9

External links
http://developer.joomla.org/security-centre/900-20230502-core-bruteforce-prevention-within-the-mfa-screen.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Joomla!