FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)

Description

Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.

Remediation

References

CVE-2020-28873

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (7.1.04)

Oracle Database Server CVE-2019-2749 Vulnerability (CVE-2019-2749)

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)

WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.3.1)

Oracle JRE CVE-2013-0431 Vulnerability (CVE-2013-0431)

Severity

High

Classification

CVE-2020-28873 CWE-916 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H