How severe is CVE-2024-9683?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-9683?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-9683 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.

Related Vulnerabilities

CVE-2020-10123

MEDIUM

CVSS:5.3(Medium)

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with phys...

CWE-3052020

CVE-2020-15077

MEDIUM

CVSS:5.3(Medium)

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be use...

CWE-3052020

CVE-2023-46611

MEDIUM

CVSS:5.3(Medium)

Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.

CWE-3052023

CVE-2024-39899

MEDIUM

CVSS:5.3(Medium)

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener w...

CWE-3052024

CVE-2024-42513

MEDIUM

CVSS:5.3(Medium)

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

CWE-3052024

CVE-2024-5956

MEDIUM

CVSS:5.3(Medium)

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly

CWE-3052024