etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-08-06T21:55:12
Updated: 2021-01-04T02:06:11
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15115
JSON object: View
NVD Information
Status : Modified
Published: 2020-08-06T22:15:12.093
Modified: 2023-11-07T03:17:25.413
Link: CVE-2020-15115
JSON object: View
Redhat Information
No data.
CWE