Primary

Context

SyncBreeze Denial-of-Service Vulnerability in Login Authentication Mechanism

Vulnerability

A denial-of-service vulnerability has been identified in SyncBreeze version 15.2.24. The issue arises in the login authentication process, where attackers can send oversized password parameters with repeated 'password=' values. This overloads the login endpoint, potentially causing the service to crash and disrupt availability.

Impact

Exploitation of this vulnerability can lead to a crash of the SyncBreeze service, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/login' endpoint with a 'password' parameter that includes an excessive number of 'password=' values. This can be done using a script or tool that automates the process of sending such a request, effectively overwhelming the login endpoint and causing the service to crash.

Added: Dec 15, 2025, 9:26 PM

Updated: Dec 15, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SyncBreeze Denial-of-Service Vulnerability in Login Authentication Mechanism

Vulnerability

Impact

Reproduction

Affected Products

Flexense SyncBreeze

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating