Brute Force Vulnerability in Cloud Foundry UAA Allows Unauthorized Access via MFA

CVE-2018-11082 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.

Learn more about our User Device Pen Test.