vendor: Proxmox Virtual Environment
by: Cory Cline, Gabe Rust
CVSS: 7.1 (HIGH)
Brute Force
CWE: 307
Product Name: Proxmox Virtual Environment
Affected Version From: 5.4.2024
Affected Version To: 7.4-1
Patch Exists: NO
Related CWE: CVE-2023-43320
CPE: -
Platforms Tested: Debian
2023
Proxmox VE TOTP Brute Force
The Proxmox Virtual Environment (VE) is vulnerable to a Time-based One-Time Password (TOTP) brute force attack. By repeatedly guessing TOTP codes, an attacker can gain unauthorized access to the system. This vulnerability has been assigned CVE-2023-43320.
Mitigation:
To mitigate this vulnerability, it is recommended to implement account lockout mechanisms, strong password policies, and multi-factor authentication.
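The account lockout recommended above, sketched as an added example (not Proxmox code and not from the advisory authors): a TOTP check per RFC 6238 that stops accepting guesses for an account after repeated failures. The class name `SecondFactorGate` and the values of `MAX_FAILURES` and `LOCKOUT_SECONDS` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import time

MAX_FAILURES = 5       # assumed policy: consecutive wrong codes before lockout
LOCKOUT_SECONDS = 300  # assumed policy: how long guesses are refused

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactorGate:
    """Hypothetical per-account failure counter wrapped around TOTP checks."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> shared TOTP secret (bytes)
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> unix time the lockout ends

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        # Refuse before comparing anything, so a locked account gives
        # the guesser no signal about whether the code was right.
        if now < self.locked_until.get(user, 0.0):
            return "locked"
        secret = self.secrets.get(user)
        # Accept one step of clock drift either side, in constant time.
        ok = secret is not None and any(
            hmac.compare_digest(totp(secret, now + d * 30).encode(), code.encode())
            for d in (-1, 0, 1))
        if ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "denied"
```

The counter is keyed on the account rather than the client address, so spreading guesses across many source addresses does not reset it.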