Base Score

HIGH8.1

CVE-2017-8342

Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

VectorNETWORK

Published Bycve@mitre.org

Published DateApr 30, 2017, 15:59

Affected Versions(2)

Radicale(PyPI)

Introduced0

Fixed1.1.2

LimitN/A

Radicale(PyPI)

Introduced2.0.0rc1

Fixed2.0.0rc2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
Radicale(PyPI)	0	1.1.2	N/A
Radicale(PyPI)	2.0.0rc1	2.0.0rc2	N/A

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH8.1

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH