Hall of Fame image from https://openclipart.org/detail/120343/trophy

Contents / Brutebleed

CVE: CVE-2018-1000549, In Progress Update Request 938446
Vulnerability name: Brutebleed
Date: 2018-06-26
Responsible Security Disclosure by: Shadow Vault. Did not report to Wekan, was found later from CVE.
Vulnerabilities:
  • User data is published unconditionally
  • Sessions can be taken over
  • Affected Wekan v1.04-v2.43


Timeline:
2018-06-26: CVE was published. Wekan was not notified.
2019-11-03: xet7 noticed the CVE and that brute force login protection did not work, and fixed it. Wekan v2.44, released by xet7, includes the fix for brute force login protection.

