CVE-2018-1000809

Source
https://cve.org/CVERecord?id=CVE-2018-1000809
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000809.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000809
Aliases
Published
2018-10-08T15:29:01.057Z
Modified
2026-03-15T22:17:25.482588Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

privacyIDEA version 2.23.1 and earlier contains an Improper Input Validation vulnerability in the token validation API that can result in Denial-of-Service. This attack appears to be exploitable via an HTTP request with user=<space>&pass= to the /validate/check URL. This vulnerability appears to have been fixed in 2.23.2.

References

Affected packages

Git / github.com/privacyidea/privacyidea

Affected ranges

Type
GIT
Repo
https://github.com/privacyidea/privacyidea
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.23.1"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.1
v1.2
v1.2.1
v1.3
v1.3-dev5
v1.3.1
v1.3.2
v1.3.3
v1.3dev2
v1.3dev3
v1.3dev4
v1.4
v1.5.1
v2.*
v2.0
v2.1
v2.10
v2.10dev2
v2.11
v2.12
v2.13
v2.14
v2.15
v2.16
v2.16dev4
v2.16dev5
v2.17
v2.18
v2.18dev5
v2.19
v2.19.1
v2.19.1-1
v2.2
v2.20
v2.20.1
v2.21
v2.21.1
v2.21.2
v2.21.3
v2.21dev2
v2.22
v2.22.1
v2.22dev0
v2.22dev1
v2.22dev3
v2.22dev4
v2.22dev5
v2.22dev6
v2.22dev7
v2.23
v2.23.1
v2.23.2
v2.23dev2
v2.23dev3
v2.23dev4
v2.23dev6
v2.23dev7
v2.23dev8
v2.3
v2.3dev1
v2.3dev3
v2.4
v2.6
v2.7
v2.8
v2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000809.json"