mtons mblog
cpe:2.3:a:mblog_project:mblog:*:*:*:*:*:*:*
- <= 3.5.0
This vulnerability is being actively exploited in the wild.
A vulnerability exists in Mtons Mblog versions up to 3.5.0, specifically in the '/settings/password' endpoint. Because the endpoint applies neither rate limiting nor CAPTCHA protection, it accepts an unlimited number of authentication attempts, which creates a brute-force vector for password enumeration. Once the current password is guessed, it can immediately be changed to a new one.
Exploitation of this vulnerability allows for password enumeration and unauthorized password changes, potentially leading to account takeover.
To reproduce this vulnerability, access the '/settings/password' endpoint. The absence of rate limiting and CAPTCHA allows multiple password attempts in quick succession. After successfully guessing a password, it can be changed to a new one, effectively taking over the account.
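Since the endpoint itself does not throttle attempts, the burst pattern described above is visible in the web server's access log. The following detector is an added example, not code from the Mblog project: it parses constructed sample log lines (the log format, IP addresses and timestamps are assumed) and flags any client whose POSTs to /settings/password exceed a threshold inside a sliding window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (not real Mblog logs): client IP, timestamp,
# request line, status. 203.0.113.7 models rapid guessing at the unthrottled endpoint.
SAMPLE_LOG = """\
203.0.113.7 2024-01-01T10:00:00 "POST /settings/password" 200
198.51.100.2 2024-01-01T10:00:01 "GET /settings/password" 200
203.0.113.7 2024-01-01T10:00:02 "POST /settings/password" 200
203.0.113.7 2024-01-01T10:00:03 "POST /settings/password" 200
203.0.113.7 2024-01-01T10:00:04 "POST /settings/password" 200
203.0.113.7 2024-01-01T10:00:05 "POST /settings/password" 200
203.0.113.7 2024-01-01T10:00:06 "POST /settings/password" 200
198.51.100.2 2024-01-01T10:00:07 "POST /settings/password" 200
203.0.113.7 2024-01-01T10:02:30 "POST /settings/password" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3})$')
TARGET_PATH = "/settings/password"  # the unthrottled password-change endpoint

def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.fromisoformat(ts), method, path, int(status)

def find_bursts(log_text, threshold=5, window_seconds=60):
    """Return {ip: first timestamp at which that ip's POSTs to TARGET_PATH
    exceeded `threshold` within any sliding window of `window_seconds`}."""
    recent = defaultdict(deque)  # ip -> timestamps of POSTs still inside the window
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or path != TARGET_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # expire attempts older than the window
            q.popleft()
        if len(q) > threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts
```

The same per-client counter, enforced server-side before the password check runs, is the rate limit the endpoint lacks.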