CVE-2023-1665

CRITICAL

linagora/twake < 0.0.0 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-1665. PoCs published by 0xsu3ks.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2023-1665, which describes a brute force vulnerability in Twake App versions before v2023.Q1.1223 due to unrestricted unauthenticated login attempts. The vulnerability allows attackers to perform brute force attacks on the login page.

Description

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.

Exploits (1)

nomisec WRITEUP
by 0xsu3ks · poc
https://github.com/0xsu3ks/CVE-2023-1665

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Twake App < v2023.Q1.1223
No auth needed
Prerequisites: Network access to the Twake login page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0062
EPSS Percentile 44.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-307
Status published
Products (1)
linagora/twake < 2023-03-25
Published Mar 27, 2023
Tracked Since Feb 18, 2026