First published: Fri Oct 05 2018
Cloud Foundry UAA, all versions prior to 4.20.0, and Cloud Foundry UAA Release, all versions prior to 61.0, allow brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to log in as the targeted user.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pivotal Software Cloudfoundry Uaa | <4.20.0 | |
Pivotal Software Cloudfoundry Uaa Release | <61.0 | |
CVE-2018-11082 is a vulnerability in Cloud Foundry UAA and Cloud Foundry UAA Release that allows brute forcing of MFA codes.
The severity of CVE-2018-11082 is critical with a severity value of 9.8.
CVE-2018-11082 affects all versions of Cloud Foundry UAA prior to 4.20.0.
CVE-2018-11082 affects all versions of Cloud Foundry UAA Release prior to 61.0.
To prevent the brute forcing of MFA codes for CVE-2018-11082, it is recommended to upgrade to Cloud Foundry UAA 4.20.0 or later and Cloud Foundry UAA Release 61.0 or later.