CVE-2014-5385
Shopizer < 1.1.5 - Unauthenticated Brute Force Attack via Unrestricted Authentication Attempts
Title source: llmDescription
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532726/100/0/threaded
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/38
Scores
EPSS
0.0114
EPSS Percentile
62.7%
Details
CWE
CWE-287
Status
published
Products (1)
shopizer/shopizer
< 1.1.5
Published
Aug 21, 2014
Tracked Since
Feb 18, 2026