Password Brute-Force on Telerik Report Server <=10.2.24.806 (Weak PW)
CVE-2024-7293 Published on October 9, 2024
Password policy for new users is not strong enough
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Vulnerability Analysis
CVE-2024-7293 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.
Products Associated with CVE-2024-7293
Want to know whenever a new CVE is published for Progress Telerik Reporting? stack.watch will email you.
Affected Versions
Progress Software Corporation Telerik Report Server:- Version 1.0.0 and below 10.2.24.806 is affected.
- Version 1.0.0 and below 10.2.24.806 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.