Nagios Fusion Two-Factor Authentication Brute-Force Bypass Vulnerability

Vulnerability

A brute-force bypass vulnerability in the Two-Factor Authentication (2FA) implementation has been identified in Nagios Fusion versions prior to 2024R2.1. The application failed to properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts. This oversight allowed remote attackers to repeatedly attempt second-factor codes for targeted accounts, potentially leading to unauthorized access.
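The control the advisory says was missing, as an added example that is not Nagios Fusion's own code: a second-factor verification gate that counts failed attempts per account and refuses further attempts during a lockout window, so a remote party cannot cycle through codes indefinitely. The attempt threshold, lockout length, user names and sample one-time code are constructed assumptions.

```python
from __future__ import annotations

import hmac
import time
from dataclasses import dataclass, field

# Hypothetical policy values, constructed for this example (not Nagios Fusion's own).
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 300


@dataclass
class SecondFactorGate:
    """Counts failed second-factor attempts per account and locks the account out."""
    max_failures: int = MAX_FAILED_ATTEMPTS
    lockout_seconds: int = LOCKOUT_SECONDS
    _failures: dict = field(default_factory=dict)      # user -> consecutive failures
    _locked_until: dict = field(default_factory=dict)  # user -> time the lock expires

    def verify(self, user: str, submitted: str, expected: str,
               now: float | None = None) -> str:
        """Return 'ok', 'invalid' or 'locked'. The lock is checked before the code
        is compared, so a locked account yields no signal about the code at all."""
        now = time.time() if now is None else now
        if self._locked_until.get(user, 0.0) > now:
            return "locked"
        # Constant-time comparison: do not leak how many digits matched.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures.pop(user, None)  # counter restarts after the lock expires
        return "invalid"


def demo() -> list[str]:
    """Constructed scenario: six wrong codes in a row, the right code while still
    locked, then the right code after the lock has expired."""
    gate = SecondFactorGate()
    expected = "492817"  # constructed sample one-time code
    results = [gate.verify("alice", f"{i:06d}", expected, now=1000.0 + i) for i in range(6)]
    results.append(gate.verify("alice", expected, expected, now=1010.0))
    results.append(gate.verify("alice", expected, expected, now=1005.0 + LOCKOUT_SECONDS + 1))
    return results


if __name__ == "__main__":
    print(demo())  # ['invalid', 'invalid', 'invalid', 'invalid', 'invalid', 'locked', 'locked', 'ok']
```

In a real deployment the failure counters and lock expiry would live in shared storage (database or cache) rather than in process memory, and lockout events should be logged so repeated second-factor failures are visible to detection.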

Impact

Exploitation of this vulnerability could allow an attacker to bypass Two-Factor Authentication and gain unauthorized access to accounts protected by 2FA.

Remediation

Users are advised to update Nagios Fusion to version 2024R2.1 or later.

Added: Oct 30, 2025, 10:34 PM
Updated: Oct 30, 2025, 10:34 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.