CVE-2023-34240 MEDIUM

CVE-2023-34240: Weak passwords allowed in cloudexplorer-lite

Vendor Cloudexplorer-Dev
Product CloudExplorer-Lite
Weakness CWE-521
Published June 27, 2023
Last update November 27, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

June 27, 2023 CVE published
November 27, 2024 Record updated