Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9683

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.

Published

2024-10-17T15:15:13.850

Last Modified

2024-12-03T16:14:52.690

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-305
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	quay	3.0.0	Yes

References

https://access.redhat.com/security/cve/CVE-2024-9683 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2317559 Issue Tracking, Vendor Advisory ([email protected])