Primary

Context

Vantage6 Brute-Force Vulnerability in Change Password Functionality

Vulnerability

Patched

A vulnerability exists in Vantage6 versions prior to 4.11, allowing attackers with access to an authenticated session to brute-force user passwords. This is achieved by exploiting the change password feature, which can be repeatedly accessed until the correct password is entered. The absence of brute-force protection on this functionality creates a risk of unauthorized password changes.

Impact

Exploitation of this vulnerability could lead to unauthorized password changes, allowing an attacker to gain access to a user's account.

Remediation

Users can upgrade to Vantage6 version 4.11 or later to address this vulnerability.

Added: Jun 12, 2025, 6:19 PM

Updated: Jun 12, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vantage6 Brute-Force Vulnerability in Change Password Functionality

Vulnerability

Impact

Remediation

Affected Products

vantage6

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating